Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
u75a1_003.exe

Overview

General Information

Sample name:u75a1_003.exe
Analysis ID:1651741
MD5:9498aeaa922b982c0d373949a9fff03e
SHA1:98635c528c10a6f07dab7448de75abf885335524
SHA256:9a8f3a6dd5a2ee6b29a558629ffe66170e09dac76e75f573382a3520af287a80
Tags:exeuser-aachum
Infos:

Detection

DarkVision Rat
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Benign windows process drops PE files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DarkVision Rat
Yara detected UAC Bypass using CMSTP
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Creates autostart registry keys with suspicious names
Deletes itself after installation
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Searches for specific processes (likely to inject)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Windows Binaries Write Suspicious Extensions
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to load drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Execution From GUID Like Folder Names
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Use Short Name Path in Command Line
Spawns drivers
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • u75a1_003.exe (PID: 6236 cmdline: "C:\Users\user\Desktop\u75a1_003.exe" MD5: 9498AEAA922B982C0D373949A9FFF03E)
    • cmd.exe (PID: 6180 cmdline: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6852 cmdline: powershell.exe Add-MpPreference -ExclusionPath 'C:' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • svchost.exe (PID: 6508 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • tzutil.exe (PID: 1548 cmdline: "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" "" MD5: 95E078A0E59F8C398A46AD93B5EBCFE9)
        • powershell.exe (PID: 6424 cmdline: powershell Add-MpPreference -ExclusionPath C:\ MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 2020 cmdline: powershell Remove-MpPreference -ExclusionPath C:\ MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 1940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3436 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """ MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • w32tm.exe (PID: 1896 cmdline: "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" "" MD5: 15BDC4BD67925EF33B926843B3B8154B)
  • svchost.exe (PID: 6444 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Configuration

Threatname: DarkVision Rat

{"C2": "82.29.67.160", "Port": 443}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.880146615.000000000075B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DarkVisionRatYara detected DarkVision RatJoe Security
    00000000.00000002.880146615.000000000075B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
      00000003.00000002.2136522765.000002B5CE8A8000.00000002.00001000.00020000.00000000.sdmpJoeSecurity_DarkVisionRatYara detected DarkVision RatJoe Security
        00000003.00000002.2136522765.000002B5CE8A8000.00000002.00001000.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
          00000000.00000002.879776216.0000000000434000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_DarkVisionRatYara detected DarkVision RatJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.u75a1_003.exe.75bfc8.1.raw.unpackJoeSecurity_DarkVisionRatYara detected DarkVision RatJoe Security
              0.2.u75a1_003.exe.75bfc8.1.raw.unpackJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                0.2.u75a1_003.exe.75bfc8.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOMDetects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)ditekSHen
                • 0x36ee8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
                • 0x36e18:$s1: CoGetObject
                • 0x36eb0:$s2: Elevation:Administrator!new:
                3.2.svchost.exe.2b5ce870000.0.unpackJoeSecurity_DarkVisionRatYara detected DarkVision RatJoe Security
                  3.2.svchost.exe.2b5ce870000.0.unpackJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                    Click to see the 6 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Files With System Process Name In Unsuspected Locations
                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\svchost.exe, ProcessId: 6508, TargetFilename: C:\Users\user~1\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\u75a1_003.exe", ParentImage: C:\Users\user\Desktop\u75a1_003.exe, ParentProcessId: 6236, ParentProcessName: u75a1_003.exe, ProcessCommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', ProcessId: 6180, ProcessName: cmd.exe
                    Sigma detected: Windows Binaries Write Suspicious Extensions
                    Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\svchost.exe, ProcessId: 6508, TargetFilename: C:\Users\user~1\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\svchost.exe, ProcessId: 6508, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\u75a1_003.exe", ParentImage: C:\Users\user\Desktop\u75a1_003.exe, ParentProcessId: 6236, ParentProcessName: u75a1_003.exe, ProcessCommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', ProcessId: 6180, ProcessName: cmd.exe
                    Sigma detected: Suspicious Execution From GUID Like Folder Names
                    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """, CommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\system32\svchost.exe", ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 6508, ParentProcessName: svchost.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """, ProcessId: 3436, ProcessName: cmd.exe
                    Sigma detected: Uncommon Svchost Parent Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\u75a1_003.exe", ParentImage: C:\Users\user\Desktop\u75a1_003.exe, ParentProcessId: 6236, ParentProcessName: u75a1_003.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 6508, ProcessName: svchost.exe
                    Sigma detected: Use Short Name Path in Command Line
                    Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" "", CommandLine: "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" "", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe, ParentCommandLine: "C:\Windows\system32\svchost.exe", ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 6508, ParentProcessName: svchost.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" "", ProcessId: 1896, ProcessName: w32tm.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine: powershell.exe Add-MpPreference -ExclusionPath 'C:', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6180, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe Add-MpPreference -ExclusionPath 'C:', ProcessId: 6852, ProcessName: powershell.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\u75a1_003.exe", ParentImage: C:\Users\user\Desktop\u75a1_003.exe, ParentProcessId: 6236, ParentProcessName: u75a1_003.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 6508, ProcessName: svchost.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-03-29T14:41:46.571649+010020283713Unknown Traffic192.168.2.749695104.26.8.202443TCP
                    2025-03-29T14:41:47.971454+010020283713Unknown Traffic192.168.2.749698104.26.8.202443TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-03-29T14:41:17.074551+010020456181A Network Trojan was detected192.168.2.74968282.29.67.160443TCP
                    2025-03-29T14:41:21.108619+010020456181A Network Trojan was detected192.168.2.74968382.29.67.160443TCP
                    2025-03-29T14:41:25.135585+010020456181A Network Trojan was detected192.168.2.74968482.29.67.160443TCP
                    2025-03-29T14:41:29.151095+010020456181A Network Trojan was detected192.168.2.74968582.29.67.160443TCP
                    2025-03-29T14:41:33.166939+010020456181A Network Trojan was detected192.168.2.74969182.29.67.160443TCP
                    2025-03-29T14:41:37.182847+010020456181A Network Trojan was detected192.168.2.74969282.29.67.160443TCP
                    2025-03-29T14:41:41.213680+010020456181A Network Trojan was detected192.168.2.74969382.29.67.160443TCP
                    2025-03-29T14:41:45.248515+010020456181A Network Trojan was detected192.168.2.74969482.29.67.160443TCP
                    2025-03-29T14:41:49.260739+010020456181A Network Trojan was detected192.168.2.74970082.29.67.160443TCP
                    2025-03-29T14:41:53.276037+010020456181A Network Trojan was detected192.168.2.74970382.29.67.160443TCP
                    2025-03-29T14:41:57.292202+010020456181A Network Trojan was detected192.168.2.74970482.29.67.160443TCP
                    2025-03-29T14:42:01.323320+010020456181A Network Trojan was detected192.168.2.74970682.29.67.160443TCP
                    2025-03-29T14:42:05.026126+010020456181A Network Trojan was detected192.168.2.74970782.29.67.160443TCP
                    2025-03-29T14:42:08.463765+010020456181A Network Trojan was detected192.168.2.74970882.29.67.160443TCP
                    2025-03-29T14:42:11.651249+010020456181A Network Trojan was detected192.168.2.74970982.29.67.160443TCP
                    2025-03-29T14:42:14.619886+010020456181A Network Trojan was detected192.168.2.74971082.29.67.160443TCP
                    2025-03-29T14:42:17.416914+010020456181A Network Trojan was detected192.168.2.74971182.29.67.160443TCP
                    2025-03-29T14:42:20.041773+010020456181A Network Trojan was detected192.168.2.74971282.29.67.160443TCP
                    2025-03-29T14:42:22.479198+010020456181A Network Trojan was detected192.168.2.74971382.29.67.160443TCP
                    2025-03-29T14:42:24.776297+010020456181A Network Trojan was detected192.168.2.74971482.29.67.160443TCP
                    2025-03-29T14:42:26.963890+010020456181A Network Trojan was detected192.168.2.74971582.29.67.160443TCP
                    2025-03-29T14:42:29.025993+010020456181A Network Trojan was detected192.168.2.74971682.29.67.160443TCP
                    2025-03-29T14:42:30.979154+010020456181A Network Trojan was detected192.168.2.74971782.29.67.160443TCP
                    2025-03-29T14:42:32.854047+010020456181A Network Trojan was detected192.168.2.74971882.29.67.160443TCP
                    2025-03-29T14:42:34.637327+010020456181A Network Trojan was detected192.168.2.74971982.29.67.160443TCP
                    2025-03-29T14:42:36.338362+010020456181A Network Trojan was detected192.168.2.74972082.29.67.160443TCP
                    2025-03-29T14:42:37.963627+010020456181A Network Trojan was detected192.168.2.74972182.29.67.160443TCP
                    2025-03-29T14:42:39.551397+010020456181A Network Trojan was detected192.168.2.74972582.29.67.160443TCP
                    2025-03-29T14:42:41.073067+010020456181A Network Trojan was detected192.168.2.74975082.29.67.160443TCP
                    2025-03-29T14:42:42.529422+010020456181A Network Trojan was detected192.168.2.74979682.29.67.160443TCP
                    2025-03-29T14:42:43.947759+010020456181A Network Trojan was detected192.168.2.74980382.29.67.160443TCP
                    2025-03-29T14:42:45.329331+010020456181A Network Trojan was detected192.168.2.74981982.29.67.160443TCP
                    2025-03-29T14:42:46.669494+010020456181A Network Trojan was detected192.168.2.74983082.29.67.160443TCP
                    2025-03-29T14:42:47.963283+010020456181A Network Trojan was detected192.168.2.74983782.29.67.160443TCP
                    2025-03-29T14:42:49.277153+010020456181A Network Trojan was detected192.168.2.74984282.29.67.160443TCP
                    2025-03-29T14:42:50.541722+010020456181A Network Trojan was detected192.168.2.74985182.29.67.160443TCP
                    2025-03-29T14:42:52.073816+010020456181A Network Trojan was detected192.168.2.74986282.29.67.160443TCP
                    2025-03-29T14:42:53.276074+010020456181A Network Trojan was detected192.168.2.74987382.29.67.160443TCP
                    2025-03-29T14:42:54.485239+010020456181A Network Trojan was detected192.168.2.74987982.29.67.160443TCP
                    2025-03-29T14:42:55.666713+010020456181A Network Trojan was detected192.168.2.74989082.29.67.160443TCP
                    2025-03-29T14:42:56.838813+010020456181A Network Trojan was detected192.168.2.74989782.29.67.160443TCP
                    2025-03-29T14:42:57.995576+010020456181A Network Trojan was detected192.168.2.74990482.29.67.160443TCP
                    2025-03-29T14:42:59.135214+010020456181A Network Trojan was detected192.168.2.74991682.29.67.160443TCP
                    2025-03-29T14:43:00.263345+010020456181A Network Trojan was detected192.168.2.74992082.29.67.160443TCP
                    2025-03-29T14:43:01.576197+010020456181A Network Trojan was detected192.168.2.74992382.29.67.160443TCP
                    2025-03-29T14:43:02.683910+010020456181A Network Trojan was detected192.168.2.74992982.29.67.160443TCP
                    2025-03-29T14:43:03.760210+010020456181A Network Trojan was detected192.168.2.74993382.29.67.160443TCP
                    2025-03-29T14:43:04.838152+010020456181A Network Trojan was detected192.168.2.74993782.29.67.160443TCP
                    2025-03-29T14:43:05.934607+010020456181A Network Trojan was detected192.168.2.74994582.29.67.160443TCP
                    2025-03-29T14:43:06.997931+010020456181A Network Trojan was detected192.168.2.74995382.29.67.160443TCP
                    2025-03-29T14:43:08.058029+010020456181A Network Trojan was detected192.168.2.74995882.29.67.160443TCP
                    2025-03-29T14:43:09.119551+010020456181A Network Trojan was detected192.168.2.74996282.29.67.160443TCP
                    2025-03-29T14:43:10.167285+010020456181A Network Trojan was detected192.168.2.74996582.29.67.160443TCP
                    2025-03-29T14:43:11.229811+010020456181A Network Trojan was detected192.168.2.74997282.29.67.160443TCP
                    2025-03-29T14:43:12.291306+010020456181A Network Trojan was detected192.168.2.74998182.29.67.160443TCP
                    2025-03-29T14:43:13.322648+010020456181A Network Trojan was detected192.168.2.74998982.29.67.160443TCP
                    2025-03-29T14:43:14.369521+010020456181A Network Trojan was detected192.168.2.75000482.29.67.160443TCP
                    2025-03-29T14:43:15.400813+010020456181A Network Trojan was detected192.168.2.75001182.29.67.160443TCP
                    2025-03-29T14:43:17.087083+010020456181A Network Trojan was detected192.168.2.75001982.29.67.160443TCP
                    2025-03-29T14:43:18.121607+010020456181A Network Trojan was detected192.168.2.75002582.29.67.160443TCP
                    2025-03-29T14:43:19.166887+010020456181A Network Trojan was detected192.168.2.75003682.29.67.160443TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: u75a1_003.exeAvira: detected
                    Antivirus detection for URL or domain
                    Source: http://107.174.192.179/data/003Avira URL Cloud: Label: malware
                    Found malware configuration
                    Source: 3.2.svchost.exe.2b5ce870000.0.unpackMalware Configuration Extractor: DarkVision Rat {"C2": "82.29.67.160", "Port": 443}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Windows\Temp\22v95X_1548.sysReversingLabs: Detection: 33%
                    Multi AV Scanner detection for submitted file
                    Source: u75a1_003.exeVirustotal: Detection: 39%Perma Link
                    Source: u75a1_003.exeReversingLabs: Detection: 63%
                    Joe Sandbox ML detected suspicious sample
                    Source: Submited SampleNeural Call Log Analysis: 99.9%
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0041CFE0 CryptAcquireContextW,CryptCreateHash,WaitForSingleObject,CryptHashData,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptReleaseContext,CryptDestroyHash,0_2_0041CFE0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8753B0 LocalAlloc,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,CryptBinaryToStringW,CryptBinaryToStringW,lstrcpyW,LocalFree,WaitForSingleObject,RtlExitUserThread,WaitForMultipleObjects,WaitForSingleObject,GetExitCodeProcess,WaitForSingleObject,WaitForSingleObject,CloseHandle,CloseHandle,LocalFree,LocalFree,CloseHandle,CloseHandle,3_2_000002B5CE8753B0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DC00 CryptAcquireContextW,CryptCreateHash,WaitForSingleObject,CryptHashData,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptReleaseContext,CryptDestroyHash,3_2_000002B5CE88DC00
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DCF7 CryptReleaseContext,CryptDestroyHash,3_2_000002B5CE88DCF7
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DD1E CryptReleaseContext,CryptDestroyHash,3_2_000002B5CE88DD1E
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DD5A CryptReleaseContext,CryptDestroyHash,3_2_000002B5CE88DD5A
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DD8F CryptReleaseContext,CryptDestroyHash,3_2_000002B5CE88DD8F
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A282FC malloc,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,free,14_2_00A282FC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6F028 CryptGenRandom,14_2_00A6F028
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6F078 CryptReleaseContext,14_2_00A6F078
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A171E8 CryptAcquireContextA,CryptCreateHash,14_2_00A171E8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A171EA CryptAcquireContextA,CryptCreateHash,14_2_00A171EA
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A17244 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,14_2_00A17244
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A1E4C4 CryptAcquireContextA,CryptCreateHash,14_2_00A1E4C4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A28478 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,14_2_00A28478
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A1E510 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,14_2_00A1E510
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: -----BEGIN PUBLIC KEY-----14_2_00A2F214
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: -----BEGIN PUBLIC KEY-----14_2_00A03268
                    Source: tzutil.exeBinary or memory string: -----BEGIN PUBLIC KEY-----

                    Exploits

                    barindex
                    Yara detected UAC Bypass using CMSTP
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.75bfc8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.svchost.exe.2b5ce870000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.75bfc8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.880146615.000000000075B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2136522765.000002B5CE8A8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.879776216.0000000000434000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: u75a1_003.exe PID: 6236, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6508, type: MEMORYSTR
                    Source: u75a1_003.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.8.202:443 -> 192.168.2.7:49695 version: TLS 1.2
                    Source: Binary string: C:\a\b\a_LWOJJGNK_\b\klsl\output\out_Win32\Release_Dat\klsl.pdbGCTL source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: \??\C:\Users\user~1\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*sNVD slot #32NVD slot #32 source: w32tm.exe, 00000011.00000002.2133785084.000000000051C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\a\b\a_J2WO8YVT_\b\klsl\output\out_x64\Release_Dat\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_9AF7IKT4_\b\klsl\output\out_Win32\Release_Sys\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Sys\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1824904400.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_UJHZC0YB_\b\klsl\output\out_x64\Release_Sys\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_LWOJJGNK_\b\klsl\output\out_Win32\Release_Dat\klsl.pdb source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_UJHZC0YB_\b\klsl\output\out_x64\Release_Sys\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\Users\user~1\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: w32tm.exe, 00000011.00000002.2133785084.000000000051C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\a\b\a_J2WO8YVT_\b\klsl\output\out_x64\Release_Dat\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Sys\klmd.pdb source: w32tm.exe, 00000011.00000003.1824904400.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Sys\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Dat\klmd.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Dat\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_9AF7IKT4_\b\klsl\output\out_Win32\Release_Sys\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Sys\klmd.pdb source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\c\g_4UV6QLON\r\product\removal_tools\output\out_Win32\Release\setup_kvrt.pdb source: w32tm.exe, 00000011.00000003.1809356710.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Dat\klmd.pdb source: w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Dat\klmd.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8797F0 SHGetKnownFolderPath,lstrlenW,CoTaskMemFree,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,Sleep,GetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,RemoveDirectoryW,Sleep,3_2_000002B5CE8797F0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6F230 FindFirstFileA,HeapCreate,14_2_00A6F230
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A435CC FindFirstFileA,FindNextFileA,FindClose,14_2_00A435CC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A61C54 __doserrno,_errno,_errno,__doserrno,FindFirstFileA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,14_2_00A61C54

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49682 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49683 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49692 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49693 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49684 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49685 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49700 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49694 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49703 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49706 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49708 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49709 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49710 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49691 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49707 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49711 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49713 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49714 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49717 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49719 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49712 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49725 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49721 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49716 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49715 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49750 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49718 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49720 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49803 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49704 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49796 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49819 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49837 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49842 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49830 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49851 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49862 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49873 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49890 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49897 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49904 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49916 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49923 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49929 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49933 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49937 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49945 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49953 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49958 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49962 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49972 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49965 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:50004 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:50011 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:50019 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:50025 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49981 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49989 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:50036 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49879 -> 82.29.67.160:443
                    Source: Network trafficSuricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.7:49920 -> 82.29.67.160:443
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorIPs: 82.29.67.160
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Sat, 29 Mar 2025 13:41:14 GMTContent-Type: application/octet-streamContent-Length: 2050048Last-Modified: Fri, 28 Mar 2025 06:51:27 GMTConnection: keep-aliveETag: "67e646ef-1f4800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 14 fa ce 67 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 09 00 00 ba 00 00 00 62 1a 00 00 00 00 00 74 1e 40 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 70 44 00 00 04 00 00 00 00 00 00 02 00 00 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 3d 26 00 3c 00 00 00 00 00 43 00 9e 64 01 00 60 ca 42 00 90 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 25 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c2 b9 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 44 2a 00 00 00 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 80 ba 18 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 c8 07 00 00 00 c0 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 67 73 30 00 00 00 00 00 08 3f 0b 00 00 d0 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 67 73 31 00 00 00 00 00 50 00 00 00 00 10 25 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 73 32 00 00 00 00 00 f0 da 1d 00 00 20 25 00 00 dc 1d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 9e 64 01 00 00 00 43 00 00 66 01 00 00 e2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdg#bt@@pD0=&<Cd`B0% .text
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Sat, 29 Mar 2025 13:41:48 GMTContent-Type: application/octet-streamContent-Length: 1400832Last-Modified: Sat, 22 Mar 2025 01:09:32 GMTConnection: keep-aliveETag: "67de0dcc-156000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 bc 0b de 67 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 09 00 00 3a 07 00 00 ca 01 00 00 00 00 00 41 3f 2a 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 d0 2b 00 00 04 00 00 5f c9 15 00 02 00 00 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 b9 24 00 a0 00 00 00 00 c0 2b 00 b2 01 00 00 a0 4f 2b 00 bc 67 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 16 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f5 38 07 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 92 52 01 00 00 50 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 64 6d 00 00 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 f4 3e 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 73 30 30 00 00 00 00 00 68 ee 0c 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 73 30 31 00 00 00 00 00 a0 00 00 00 00 50 16 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 30 32 00 00 00 00 00 5c 57 15 00 00 60 16 00 00 58 15 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 b2 01 00 00 00 c0 2b 00 00 02 00 00 00 5e 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdg#:A?*@+_@$+O+gPp.text8
                    Source: Joe Sandbox ViewIP Address: 4.28.136.57 4.28.136.57
                    Source: Joe Sandbox ViewIP Address: 104.26.8.202 104.26.8.202
                    Source: Joe Sandbox ViewIP Address: 107.174.192.179 107.174.192.179
                    Source: Joe Sandbox ViewASN Name: NTLGB NTLGB
                    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49695 -> 104.26.8.202:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49698 -> 104.26.8.202:443
                    Source: global trafficHTTP traffic detected: GET /ZATFQO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: grabify.link
                    Source: global trafficHTTP traffic detected: GET /images/pixel.png HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: grabify.linkCookie: g_session=eyJpdiI6ImE1NGsrWTR1OElPMVJyYng4dU1ReFE9PSIsInZhbHVlIjoiNVhCRUxqZDJZdUp3N1U3c3RaQkZTblBUQnlXRjhPTkhTRm1vTTczc25ZQnRDL0cydHJYdWpyY3lSUkNlNzV4eG5TVldrMHJjd3EraTJYQ3d5MFBVYUttVEQxY29EOUxkWnBva1FVaFF0alpDSENud1pTWEhNUndlS1Q3UGFQVmEiLCJtYWMiOiIyOTA4YWM1ZjNhYjQzNDc2MjQyYzNjOWIyMTIwNjJmYmQ2NmQyN2I3YWZiMjc5MjQ2YTE2MWNjYmI2YWEyNGI5IiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6InRJa0I4NHBEZFU1U2dMYjNkdzMzb2c9PSIsInZhbHVlIjoiWUdEaC9TemE2c1h2KzAwekpZYk52b0JMOGJ3WWJOT3B5c05oZC9hRkNTbXVnL2lpekhQNGVDNXBHd3oyWFA0eCsyRVBEZnVXdktaV1lEdXRHM1htVHJCTFVRK2dEZVBRRllLQ0lIREpwbzl5bm13OTNERWpwdDcwdUIzVklXem4iLCJtYWMiOiI0NGY5Y2FiZWNjOGViMjNjOTBmNjRkNzM2M2E1ZDViZDNkNjViM2JhMTM5OGU2NTBhY2NmYjZhN2Y3NjM1ZjJlIiwidGFnIjoiIn0%3D
                    Source: global trafficHTTP traffic detected: HEAD /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=0-0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=32768-49151User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=81920-98303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=114688-131071User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=65536-81919User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=98304-114687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=16384-32767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=163840-196607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=131072-163839User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=49152-65535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=0-16383User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=196608-204799User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=204800-212991User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=212992-221183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=311296-327679User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=286720-294911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=221184-286719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=294912-311295User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=327680-335871User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=335872-352255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=352256-368639User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=368640-376831User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=376832-393215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=475136-491519User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=393216-425983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=442368-475135User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=425984-442367User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=491520-622591User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=622592-655359User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=655360-688127User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=753664-819199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=819200-851967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=688128-753663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=851968-917503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1310720-1441791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1441792-1572863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1179648-1310719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1581056-1597439User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=917504-1179647User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1597440-1630207User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1630208-1638399User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1638400-1900543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1916928-1982463User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1900544-1916927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1572864-1581055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1982464-1998847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2002944-2035711User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1998848-2002943User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2035712-2043903User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2043904-2174975User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2174976-2306047User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2306048-2314239User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2314240-2379775User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2379776-2396159User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2469888-2486271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2519040-2551807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2551808-2617343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2617344-2682879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2682880-2748415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2461696-2469887User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2486272-2519039User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2748416-2781183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2396160-2461695User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2781184-2846719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2846720-2850815User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2850816-2867199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2867200-2883583User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2883584-2916351User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2916352-2924543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2957312-2990079User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2990080-3022847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3022848-3088383User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3088384-3104767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3104768-3170303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3170304-3235839User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2924544-2957311User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3366912-3399679User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3399680-3432447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3432448-3465215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3465216-3530751User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3530752-3547135User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3235840-3366911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3547136-3563519User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3563520-3629055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3629056-3661823User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3661824-3694591User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3694592-3825663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3825664-3858431User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3923968-3956735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3956736-4087807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4087808-4153343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4153344-4218879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4218880-4284415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4284416-4349951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4349952-4415487User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4415488-4448255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4448256-4579327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3858432-3923967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4644864-4677631User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4677632-4710399User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4710400-4775935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4579328-4644863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4775936-4841471User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4841472-4874239User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4939776-4972543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4972544-5103615User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5103616-5234687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5234688-5267455User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5267456-5300223User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5300224-5365759User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5365760-5627903User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4874240-4939775User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5955584-6021119User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6021120-6037503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6037504-6070271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5627904-5693439User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5693440-5955583User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6201344-6266879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6070272-6201343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6266880-6332415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6332416-6365183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6365184-6397951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6397952-6529023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6529024-6594559User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6594560-6856703User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6856704-6873087User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6873088-7004159User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7036928-7069695User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7004160-7036927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7069696-7200767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7200768-7233535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7233536-7364607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7364608-7430143User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7430144-7446527User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7446528-7512063User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7512064-7528447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7528448-7561215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7561216-7593983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7593984-7725055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7725056-7856127User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7856128-7921663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8052736-8118271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8118272-8183807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8183808-8314879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8314880-8380415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7921664-8052735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8380416-8445951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8445952-8577023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8577024-8642559User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8642560-8708095User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8708096-8839167User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8839168-8871935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8871936-9003007User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9003008-9068543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9068544-9084927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9084928-9215999User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9281536-9314303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9347072-9412607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9412608-9478143User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9478144-9510911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9216000-9281535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9510912-9576447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9576448-9641983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9314304-9347071User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9641984-9773055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9773056-9805823User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9805824-9936895User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9936896-9969663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9969664-10035199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10035200-10067967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10067968-10084351User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10084352-10149887User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10149888-10215423User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10215424-10280959User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10280960-10346495User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10412032-10543103User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10543104-10575871User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10575872-10592255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10346496-10379263User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10379264-10412031User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10592256-10625023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10657792-10723327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10625024-10641407User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10641408-10657791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10723328-10788863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10788864-10821631User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10821632-10838015User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10838016-10846207User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10846208-10878975User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10878976-10911743User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10911744-10977279User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10977280-10993663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10993664-11059199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11124736-11157503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11157504-11223039User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11223040-11255807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11255808-11263999User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11264000-11296767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11296768-11362303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11378688-11444223User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11059200-11124735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11444224-11509759User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11362304-11378687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11509760-11542527User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11542528-11575295User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11575296-11608063User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11608064-11640831User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11640832-11649023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11649024-11681791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11681792-11747327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11747328-11763711User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11763712-11829247User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11894784-11927551User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11927552-11943935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=12075008-12206079User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=12206080-12238847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11829248-11894783User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /data/003 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: 107.174.192.179
                    Source: global trafficHTTP traffic detected: GET /clean HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: 107.174.192.179
                    Source: global trafficHTTP traffic detected: HEAD /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=0-0User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=32768-49151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=49152-65535User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=81920-98303User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=98304-114687User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=114688-131071User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=131072-163839User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=163840-196607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=196608-229375User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=229376-262143User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=262144-294911User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=294912-360447User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=360448-425983User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=425984-491519User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=491520-557055User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=557056-622591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=65536-81919User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=16384-32767User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=0-16383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=622592-753663User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=753664-884735User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=884736-1015807User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1015808-1146879User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1146880-1277951User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1277952-1540095User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1540096-1802239User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1802240-2064383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2064384-2072575User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2072576-2080767User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2080768-2097151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2097152-2359295User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2359296-2375679User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2375680-2408447User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2408448-2670591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2080768-2097151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2670592-2736127User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2736128-2867199User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2867200-3129343User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3129344-3260415User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3260416-3268607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3268608-3399679User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3399680-3530751User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3260416-3268607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3530752-3538943User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3538944-3555327User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3555328-3588095User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3588096-3592191User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3592192-3657727User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3657728-3665919User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3665920-3796991User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3796992-3862527User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3862528-3993599User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3993600-4009983User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4009984-4026367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4026368-4059135User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4009984-4026367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4059136-4091903User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4091904-4157439User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4157440-4222975User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4222976-4231167User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4231168-4362239User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4362240-4427775User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4427776-4460543User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4460544-4526079User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4526080-4558847User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4558848-4575231User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4575232-4706303User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4526080-4558847User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4706304-4739071User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4739072-4804607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4804608-4820991User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4820992-4886527User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4886528-4919295User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4919296-5050367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5050368-5083135User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5083136-5214207User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5214208-5230591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5230592-5296127User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5296128-5328895User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5328896-5345279User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5345280-5378047User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5378048-5394431User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5394432-5427199User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5427200-5558271User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5558272-5591039User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5591040-5606383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: unknownTCP traffic detected without corresponding DNS query: 107.174.192.179
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8934A0 recv,3_2_000002B5CE8934A0
                    Source: global trafficHTTP traffic detected: GET /ZATFQO HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: grabify.link
                    Source: global trafficHTTP traffic detected: GET /images/pixel.png HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: grabify.linkCookie: g_session=eyJpdiI6ImE1NGsrWTR1OElPMVJyYng4dU1ReFE9PSIsInZhbHVlIjoiNVhCRUxqZDJZdUp3N1U3c3RaQkZTblBUQnlXRjhPTkhTRm1vTTczc25ZQnRDL0cydHJYdWpyY3lSUkNlNzV4eG5TVldrMHJjd3EraTJYQ3d5MFBVYUttVEQxY29EOUxkWnBva1FVaFF0alpDSENud1pTWEhNUndlS1Q3UGFQVmEiLCJtYWMiOiIyOTA4YWM1ZjNhYjQzNDc2MjQyYzNjOWIyMTIwNjJmYmQ2NmQyN2I3YWZiMjc5MjQ2YTE2MWNjYmI2YWEyNGI5IiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6InRJa0I4NHBEZFU1U2dMYjNkdzMzb2c9PSIsInZhbHVlIjoiWUdEaC9TemE2c1h2KzAwekpZYk52b0JMOGJ3WWJOT3B5c05oZC9hRkNTbXVnL2lpekhQNGVDNXBHd3oyWFA0eCsyRVBEZnVXdktaV1lEdXRHM1htVHJCTFVRK2dEZVBRRllLQ0lIREpwbzl5bm13OTNERWpwdDcwdUIzVklXem4iLCJtYWMiOiI0NGY5Y2FiZWNjOGViMjNjOTBmNjRkNzM2M2E1ZDViZDNkNjViM2JhMTM5OGU2NTBhY2NmYjZhN2Y3NjM1ZjJlIiwidGFnIjoiIn0%3D
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=32768-49151User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=81920-98303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=114688-131071User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=65536-81919User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=98304-114687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=16384-32767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=163840-196607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=131072-163839User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=49152-65535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=0-16383User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=196608-204799User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=204800-212991User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=212992-221183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=311296-327679User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=286720-294911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=221184-286719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=294912-311295User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=327680-335871User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=335872-352255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=352256-368639User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=368640-376831User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=376832-393215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=475136-491519User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=393216-425983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=442368-475135User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=425984-442367User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=491520-622591User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=622592-655359User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=655360-688127User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=753664-819199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=819200-851967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=688128-753663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=851968-917503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1310720-1441791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1441792-1572863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1179648-1310719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1581056-1597439User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=917504-1179647User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1597440-1630207User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1630208-1638399User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1638400-1900543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1916928-1982463User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1900544-1916927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1572864-1581055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1982464-1998847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2002944-2035711User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=1998848-2002943User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2035712-2043903User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2043904-2174975User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2174976-2306047User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2306048-2314239User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2314240-2379775User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2379776-2396159User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2469888-2486271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2519040-2551807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2551808-2617343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2617344-2682879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2682880-2748415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2461696-2469887User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2486272-2519039User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2748416-2781183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2396160-2461695User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2781184-2846719User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2846720-2850815User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2850816-2867199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2867200-2883583User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2883584-2916351User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2916352-2924543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2957312-2990079User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2990080-3022847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3022848-3088383User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3088384-3104767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3104768-3170303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3170304-3235839User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=2924544-2957311User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3366912-3399679User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3399680-3432447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3432448-3465215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3465216-3530751User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3530752-3547135User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3235840-3366911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3547136-3563519User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3563520-3629055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3629056-3661823User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3661824-3694591User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3694592-3825663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3825664-3858431User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3923968-3956735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3956736-4087807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4087808-4153343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4153344-4218879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4218880-4284415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4284416-4349951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4349952-4415487User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4415488-4448255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4448256-4579327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=3858432-3923967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4644864-4677631User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4677632-4710399User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4710400-4775935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4579328-4644863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4775936-4841471User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4841472-4874239User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4939776-4972543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4972544-5103615User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5103616-5234687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5234688-5267455User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5267456-5300223User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5300224-5365759User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5365760-5627903User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=4874240-4939775User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5955584-6021119User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6021120-6037503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6037504-6070271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5627904-5693439User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=5693440-5955583User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6201344-6266879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6070272-6201343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6266880-6332415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6332416-6365183User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6365184-6397951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6397952-6529023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6529024-6594559User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6594560-6856703User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6856704-6873087User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=6873088-7004159User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7036928-7069695User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7004160-7036927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7069696-7200767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7200768-7233535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7233536-7364607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7364608-7430143User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7430144-7446527User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7446528-7512063User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7512064-7528447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7528448-7561215User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7561216-7593983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7593984-7725055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7725056-7856127User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7856128-7921663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8052736-8118271User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8118272-8183807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8183808-8314879User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8314880-8380415User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=7921664-8052735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8380416-8445951User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8445952-8577023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8577024-8642559User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8642560-8708095User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8708096-8839167User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8839168-8871935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=8871936-9003007User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9003008-9068543User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9068544-9084927User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9084928-9215999User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9281536-9314303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9347072-9412607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9412608-9478143User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9478144-9510911User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9216000-9281535User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9510912-9576447User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9576448-9641983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9314304-9347071User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9641984-9773055User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9773056-9805823User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9805824-9936895User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9936896-9969663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=9969664-10035199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10035200-10067967User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10067968-10084351User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10084352-10149887User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10149888-10215423User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10215424-10280959User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10280960-10346495User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10412032-10543103User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10543104-10575871User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10575872-10592255User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10346496-10379263User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10379264-10412031User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10592256-10625023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10657792-10723327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10625024-10641407User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10641408-10657791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10723328-10788863User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10788864-10821631User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10821632-10838015User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10838016-10846207User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10846208-10878975User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10878976-10911743User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10911744-10977279User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10977280-10993663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=10993664-11059199User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11124736-11157503User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11157504-11223039User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11223040-11255807User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11255808-11263999User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11264000-11296767User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11296768-11362303User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11378688-11444223User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11059200-11124735User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11444224-11509759User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11362304-11378687User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11509760-11542527User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11542528-11575295User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11575296-11608063User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11608064-11640831User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11640832-11649023User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11649024-11681791User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11681792-11747327User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11747328-11763711User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11763712-11829247User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11894784-11927551User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11927552-11943935User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=12075008-12206079User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=12206080-12238847User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /devbuilds/KVRT/latest/full/KVRT.exe HTTP/1.1Host: devbuilds.s.kaspersky-labs.comRange: bytes=11829248-11894783User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.808.57Accept: */*
                    Source: global trafficHTTP traffic detected: GET /data/003 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: 107.174.192.179
                    Source: global trafficHTTP traffic detected: GET /clean HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: 107.174.192.179
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=32768-49151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=49152-65535User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=81920-98303User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=98304-114687User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=114688-131071User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=131072-163839User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=163840-196607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=196608-229375User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=229376-262143User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=262144-294911User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=294912-360447User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=360448-425983User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=425984-491519User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=491520-557055User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=557056-622591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=65536-81919User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=16384-32767User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=0-16383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=622592-753663User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=753664-884735User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=884736-1015807User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1015808-1146879User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1146880-1277951User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1277952-1540095User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1540096-1802239User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=1802240-2064383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2064384-2072575User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2072576-2080767User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2080768-2097151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2097152-2359295User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2359296-2375679User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2375680-2408447User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2408448-2670591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2080768-2097151User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2670592-2736127User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2736128-2867199User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=2867200-3129343User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3129344-3260415User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3260416-3268607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3268608-3399679User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3399680-3530751User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3260416-3268607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3530752-3538943User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3538944-3555327User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3555328-3588095User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3588096-3592191User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3592192-3657727User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3657728-3665919User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3665920-3796991User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3796992-3862527User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3862528-3993599User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=3993600-4009983User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4009984-4026367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4026368-4059135User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4009984-4026367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4059136-4091903User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4091904-4157439User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4157440-4222975User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4222976-4231167User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4231168-4362239User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4362240-4427775User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4427776-4460543User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4460544-4526079User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4526080-4558847User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4558848-4575231User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4575232-4706303User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4526080-4558847User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4706304-4739071User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4739072-4804607User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4804608-4820991User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4820992-4886527User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4886528-4919295User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=4919296-5050367User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5050368-5083135User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5083136-5214207User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5214208-5230591User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5230592-5296127User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5296128-5328895User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5328896-5345279User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5345280-5378047User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5378048-5394431User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5394432-5427199User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5427200-5558271User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5558272-5591039User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficHTTP traffic detected: GET /003/01/d1 HTTP/1.1Host: 104.168.28.10Range: bytes=5591040-5606383User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:21.0) Gecko/20100101 Firefox/10.3Accept: */*
                    Source: global trafficDNS traffic detected: DNS query: grabify.link
                    Source: global trafficDNS traffic detected: DNS query: devbuilds.s.kaspersky-labs.com
                    Source: tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000002.1882272874.0000000000553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1
                    Source: tzutil.exe, 0000000E.00000002.1882756067.0000000002320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1&u
                    Source: tzutil.exe, 0000000E.00000002.1882756067.0000000002320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1)u
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d15
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d16
                    Source: tzutil.exe, 0000000E.00000002.1882756067.0000000002320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d18u
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1:
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1J
                    Source: tzutil.exe, 0000000E.00000002.1882272874.0000000000553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1ONTDESK-
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1S
                    Source: tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1_
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000002.1882756067.0000000002320000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1q
                    Source: tzutil.exe, 0000000E.00000003.1862030906.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871402835.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1864261846.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1860362820.0000000002351000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1871576553.0000000002354000.00000004.00000020.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000003.1859725417.000000000234B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://104.168.28.10/003/01/d1w
                    Source: u75a1_003.exe, 00000000.00000002.879797903.0000000000475000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8D3000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8CF000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135468079.000002B5CCE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.174.192.179/clean
                    Source: u75a1_003.exe, 00000000.00000002.879797903.0000000000475000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8D3000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8CF000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2133724271.000000C9E10F6000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135468079.000002B5CCE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.174.192.179/data/003
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1825375078.0000000002243000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: powershell.exe, 00000014.00000002.1982022168.000002247D5CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                    Source: powershell.exe, 00000014.00000002.1979586036.000002247D43C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                    Source: powershell.exe, 00000014.00000002.1979586036.000002247D43C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro/pki/crl/productCerAut_2010-06-2
                    Source: svchost.exe, 00000007.00000002.2142943260.000002B37A4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microso
                    Source: tzutil.exe, 0000000E.00000003.1877645486.0000000002D68000.00000004.00000020.00020000.00000000.sdmp, 22v95X_1548.sys.14.drString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
                    Source: svchost.exe, 00000007.00000002.2141322624.000002B37A400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                    Source: w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1825375078.0000000002243000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                    Source: tzutil.exe, 0000000E.00000003.1877645486.0000000002D68000.00000004.00000020.00020000.00000000.sdmp, 22v95X_1548.sys.14.drString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                    Source: qmgr.db.7.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                    Source: edb.log.7.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                    Source: powershell.exe, 00000012.00000002.1786168324.000001EA1562A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1962517710.000002241006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1825375078.0000000002243000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0H
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0I
                    Source: w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0L
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0O
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.000000000221C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: tzutil.exe, 0000000E.00000003.1877645486.0000000002D68000.00000004.00000020.00020000.00000000.sdmp, 22v95X_1548.sys.14.drString found in binary or memory: http://ocsp.thawte.com0
                    Source: powershell.exe, 00000014.00000002.1901070842.0000022400228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: powershell.exe, 00000012.00000002.1761650064.000001EA057E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1901070842.0000022400228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: powershell.exe, 00000012.00000002.1761650064.000001EA055C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1901070842.0000022400001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000012.00000002.1761650064.000001EA057E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1901070842.0000022400228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: powershell.exe, 00000014.00000002.1901070842.0000022400228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                    Source: powershell.exe, 00000014.00000002.1979586036.000002247D43C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pki/certs/Miut_2010-06-23.cr
                    Source: powershell.exe, 00000012.00000002.1794023628.000001EA1DAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.wP
                    Source: powershell.exe, 00000012.00000002.1761650064.000001EA055C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1901070842.0000022400001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: powershell.exe, 00000014.00000002.1962517710.000002241006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 00000014.00000002.1962517710.000002241006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 00000014.00000002.1962517710.000002241006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: tzutil.exe, tzutil.exe, 0000000E.00000002.1882610063.00000000009F0000.00000040.00000001.00020000.00000000.sdmp, tzutil.exe, 0000000E.00000002.1884513789.0000000140010000.00000004.00000001.01000000.00000007.sdmp, w32tm.exe, w32tm.exe, 00000011.00000002.2143834476.0000000140075000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                    Source: tzutil.exe, w32tm.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
                    Source: w32tm.exe, 00000011.00000003.1767268753.00000000022A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-l
                    Source: w32tm.exe, 00000011.00000003.1778506697.0000000002262000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1767729559.0000000002265000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/fu
                    Source: w32tm.exe, 00000011.00000003.1778506697.0000000002262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/fuVny
                    Source: w32tm.exe, 00000011.00000003.1767729559.0000000002265000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/fuany
                    Source: w32tm.exe, 00000011.00000003.1773036051.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1802537923.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1834229284.0000000002243000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1952301790.000000000226B000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1761120003.000000000220D000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002236000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1838159304.0000000002236000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1773036051.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1833306609.0000000002236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002231000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1810129251.0000000002231000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe(
                    Source: w32tm.exe, 00000011.00000002.2137212645.0000000002303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe6
                    Source: w32tm.exe, 00000011.00000003.1794778059.0000000002256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe8134241Z0i1
                    Source: w32tm.exe, 00000011.00000003.2019224843.000000000226C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeB
                    Source: w32tm.exe, 00000011.00000003.1826250939.0000000002271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeD
                    Source: w32tm.exe, 00000011.00000003.1783602304.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1784479591.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785236940.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1794778059.0000000002256000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1786136556.0000000002253000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785338958.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1784856200.000000000224E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeJ
                    Source: w32tm.exe, 00000011.00000003.1841406519.0000000002271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeN
                    Source: w32tm.exe, 00000011.00000003.1793741430.000000000226B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeS
                    Source: w32tm.exe, 00000011.00000003.1776545400.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1767729559.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1777535877.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1773036051.000000000224E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeY
                    Source: w32tm.exe, 00000011.00000002.2135353344.0000000002210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exeecko)
                    Source: w32tm.exe, 00000011.00000002.2135353344.000000000224E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exer
                    Source: w32tm.exe, 00000011.00000003.1794778059.0000000002256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exev
                    Source: w32tm.exe, 00000011.00000003.1790412489.0000000002263000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1793741430.000000000226B000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785426449.000000000226C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1786136556.000000000226C000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785097694.000000000226B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exex
                    Source: w32tm.exe, 00000011.00000003.1783602304.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1784479591.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785236940.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1786136556.0000000002253000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1785338958.000000000224E000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1784856200.000000000224E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe~
                    Source: edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                    Source: svchost.exe, 00000007.00000003.1203146319.000002B37A250000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.7.dr, edb.log.7.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                    Source: powershell.exe, 00000014.00000002.1901070842.0000022400228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: powershell.exe, 00000012.00000002.1793099280.000001EA1D9EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.cox
                    Source: svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grabify.link/
                    Source: tzutil.exe, 0000000E.00000002.1882913186.0000000002334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grabify.link/U7WLGD
                    Source: u75a1_003.exe, 00000000.00000002.879797903.0000000000475000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8D3000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2136607088.000002B5CE8CF000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2135468079.000002B5CCE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grabify.link/ZATFQO
                    Source: svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grabify.link/images/pixel.png
                    Source: svchost.exe, 00000003.00000002.2135993886.000002B5CCEDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grabify.link/images/pixel.pngLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedExp
                    Source: 3f2350f5.exe.17.drString found in binary or memory: https://kas.pr/KRD_en)Error
                    Source: 3f2350f5.exe.17.drString found in binary or memory: https://kas.pr/KRD_en)ErrorError
                    Source: 3f2350f5.exe.17.drString found in binary or memory: https://kas.pr/KRD_ru)
                    Source: 3f2350f5.exe.17.drString found in binary or memory: https://kas.pr/KVRT2015)
                    Source: powershell.exe, 00000012.00000002.1786168324.000001EA1562A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1962517710.000002241006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: qmgr.db.7.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe1C:
                    Source: w32tm.exe, 00000011.00000003.1814861088.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1809543128.0000000002246000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1817876178.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844269180.0000000002249000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49684
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49682
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                    Source: unknownHTTPS traffic detected: 104.26.8.202:443 -> 192.168.2.7:49695 version: TLS 1.2
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE882310 WaitForSingleObject,RtlExitUserThread,GetAsyncKeyState,Sleep,OpenEventW,SetEvent,CloseHandle,RtlExitUserThread,3_2_000002B5CE882310

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.u75a1_003.exe.75bfc8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 3.2.svchost.exe.2b5ce870000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.u75a1_003.exe.75bfc8.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.u75a1_003.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_00410FF6 NtMapViewOfSection,NtCreateSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,0_2_00410FF6
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_00406DB1 GetCurrentProcess,CreateProcessW,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,CloseHandle,CloseHandle,0_2_00406DB1
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8811A4 CloseHandle,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtClose,TerminateProcess,CloseHandle,CloseHandle,3_2_000002B5CE8811A4
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE877940 GetCurrentProcess,CreateProcessW,NtCreateSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,GetThreadContext,SetThreadContext,ResumeThread,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,CloseHandle,CloseHandle,TerminateProcess,3_2_000002B5CE877940
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE880740 CreateProcessW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,NtCreateSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,LoadLibraryW,GetProcAddress,GetProcAddress,lstrcpyW,lstrcpyW,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,NtCreateSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,CreateEventW,RtlCreateUserThread,WaitForSingleObject,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtClose,NtClose,CloseHandle,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtClose,TerminateProcess,CloseHandle,CloseHandle,3_2_000002B5CE880740
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F5D7C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,RegOpenKeyA,wsprintfA,RegCreateKeyA,RegSetValueExA,RegSetValueExA,RegSetValueExA,wsprintfA,RegSetValueExA,MultiByteToWideChar,wsprintfW,NtLoadDriver,RegCloseKey,RegCloseKey,14_2_009F5D7C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F5D7C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,RegOpenKeyA,wsprintfA,RegCreateKeyA,RegSetValueExA,RegSetValueExA,RegSetValueExA,wsprintfA,RegSetValueExA,MultiByteToWideChar,wsprintfW,NtLoadDriver,RegCloseKey,RegCloseKey,14_2_009F5D7C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeFile created: C:\Windows\Temp\22v95X_1548.sysJump to behavior
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeFile deleted: C:\Windows\Temp\22v95X_1548.sysJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040E1C80_2_0040E1C8
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004258F70_2_004258F7
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8923403_2_000002B5CE892340
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE877EF03_2_000002B5CE877EF0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE895E503_2_000002B5CE895E50
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8710003_2_000002B5CE871000
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE874DA03_2_000002B5CE874DA0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88D6003_2_000002B5CE88D600
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE889D203_2_000002B5CE889D20
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8812B03_2_000002B5CE8812B0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8923B63_2_000002B5CE8923B6
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87CBF03_2_000002B5CE87CBF0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8A53F83_2_000002B5CE8A53F8
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8A3B2C3_2_000002B5CE8A3B2C
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87B8B03_2_000002B5CE87B8B0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87E8C03_2_000002B5CE87E8C0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87A8C03_2_000002B5CE87A8C0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88D0303_2_000002B5CE88D030
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89E9BC3_2_000002B5CE89E9BC
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8779403_2_000002B5CE877940
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89F9643_2_000002B5CE89F964
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8A67083_2_000002B5CE8A6708
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87DE203_2_000002B5CE87DE20
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8826903_2_000002B5CE882690
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8807403_2_000002B5CE880740
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8927903_2_000002B5CE892790
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88C5013_2_000002B5CE88C501
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88A5103_2_000002B5CE88A510
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89CC2C3_2_000002B5CE89CC2C
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8A5C5C3_2_000002B5CE8A5C5C
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88C4803_2_000002B5CE88C480
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE899D1C3_2_000002B5CE899D1C
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88AD503_2_000002B5CE88AD50
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F273814_2_009F2738
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F5D7C14_2_009F5D7C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B3B0B114_2_00B3B0B1
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B610B214_2_00B610B2
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F20C014_2_009F20C0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A600D814_2_00A600D8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AF10D014_2_00AF10D0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4302014_2_00A43020
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B1902014_2_00B19020
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6002D14_2_00B6002D
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3C06C14_2_00A3C06C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3707414_2_00A37074
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A0104C14_2_00A0104C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B3D04014_2_00B3D040
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6A19614_2_00B6A196
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4919B14_2_00B4919B
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6219814_2_00A62198
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2B1F214_2_00B2B1F2
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F11CC14_2_009F11CC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A411F014_2_00A411F0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B5C1D414_2_00B5C1D4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A0C1D014_2_00A0C1D0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4613B14_2_00B4613B
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B3C12514_2_00B3C125
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4C11714_2_00B4C117
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B0111314_2_00B01113
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2611E14_2_00B2611E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AEC11814_2_00AEC118
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3211814_2_00A32118
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4617014_2_00A46170
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A0D14814_2_00A0D148
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A492B814_2_00A492B8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2B29414_2_00B2B294
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3D29414_2_00A3D294
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2F2F014_2_00B2F2F0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AEA2CC14_2_00AEA2CC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AEC2DB14_2_00AEC2DB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A622DC14_2_00A622DC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A642D814_2_00A642D8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4E22414_2_00A4E224
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A2923C14_2_00A2923C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4A25214_2_00B4A252
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B443B514_2_00B443B5
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE538A14_2_00AE538A
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4E39C14_2_00A4E39C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3539814_2_00A35398
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2E3D514_2_00B2E3D5
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFA32A14_2_00AFA32A
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ACF31414_2_00ACF314
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4F37714_2_00B4F377
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6A35814_2_00A6A358
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AF04AC14_2_00AF04AC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A094A414_2_00A094A4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A684BC14_2_00A684BC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B034AD14_2_00B034AD
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFF4FA14_2_00AFF4FA
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AD14F114_2_00AD14F1
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4E4F814_2_00A4E4F8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A1B4FC14_2_00A1B4FC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B4D4DD14_2_00B4D4DD
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F140014_2_009F1400
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6747D14_2_00B6747D
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B0047E14_2_00B0047E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6544E14_2_00B6544E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3F45814_2_00A3F458
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B055BB14_2_00B055BB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A635B014_2_00A635B0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B165AD14_2_00B165AD
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B155AE14_2_00B155AE
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A345E014_2_00A345E0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B065FB14_2_00B065FB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B655E214_2_00B655E2
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A135F414_2_00A135F4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B5C5C714_2_00B5C5C7
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2752C14_2_00B2752C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3857014_2_00A38570
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ACC54814_2_00ACC548
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6E54414_2_00B6E544
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A626A014_2_00A626A0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6C6A014_2_00A6C6A0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A546B414_2_00A546B4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AD96B114_2_00AD96B1
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ADF6ED14_2_00ADF6ED
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B116FA14_2_00B116FA
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B286E414_2_00B286E4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B5E6CB14_2_00B5E6CB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ADB62814_2_00ADB628
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2660614_2_00B26606
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6A67614_2_00B6A676
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AD966A14_2_00AD966A
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A427B414_2_00A427B4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4178C14_2_00A4178C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ACE71314_2_00ACE713
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A2876C14_2_00A2876C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A168C414_2_00A168C4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B0C8DB14_2_00B0C8DB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AEB8DE14_2_00AEB8DE
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F18EC14_2_009F18EC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6282014_2_00A62820
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5783414_2_00A57834
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5D80C14_2_00A5D80C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A1F87014_2_00A1F870
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6987014_2_00A69870
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6687814_2_00A66878
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5284C14_2_00A5284C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6398414_2_00A63984
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B389CB14_2_00B389CB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFD90D14_2_00AFD90D
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AD191814_2_00AD1918
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A1791814_2_00A17918
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A3194014_2_00A31940
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A05AB014_2_00A05AB0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A33AB014_2_00A33AB0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B39AAB14_2_00B39AAB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A26ABC14_2_00A26ABC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AD2AEB14_2_00AD2AEB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A60AF414_2_00A60AF4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A31AF814_2_00A31AF8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE1A1114_2_00AE1A11
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B3BA7614_2_00B3BA76
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A28A6414_2_00A28A64
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A61A7414_2_00A61A74
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE9A4414_2_00AE9A44
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A57A5014_2_00A57A50
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A65A5814_2_00A65A58
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009FBA6014_2_009FBA60
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2FBB314_2_00B2FBB3
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B05BB714_2_00B05BB7
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ACFBB014_2_00ACFBB0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE2B9114_2_00AE2B91
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE3BF114_2_00AE3BF1
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F9BF414_2_009F9BF4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AF9B2E14_2_00AF9B2E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6DB3014_2_00A6DB30
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFFB5C14_2_00AFFB5C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5DCAC14_2_00A5DCAC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A68CBC14_2_00A68CBC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A57CB814_2_00A57CB8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A41CF014_2_00A41CF0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A42CC814_2_00A42CC8
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B55CDB14_2_00B55CDB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B54C3C14_2_00B54C3C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A4AC0814_2_00A4AC08
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A58C7814_2_00A58C78
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B24C5814_2_00B24C58
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B6DDBB14_2_00B6DDBB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009FED8814_2_009FED88
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A67D8014_2_00A67D80
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A25D8414_2_00A25D84
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B44D8E14_2_00B44D8E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B07D0114_2_00B07D01
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B67D0B14_2_00B67D0B
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00ADDD7E14_2_00ADDD7E
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B0CD5D14_2_00B0CD5D
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A22EAC14_2_00A22EAC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F4E8014_2_009F4E80
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5CEF414_2_00A5CEF4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B16EC414_2_00B16EC4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B27EC714_2_00B27EC7
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B21ECB14_2_00B21ECB
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A52EDC14_2_00A52EDC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F8EE414_2_009F8EE4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFBED014_2_00AFBED0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B2DE1F14_2_00B2DE1F
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AF0E6614_2_00AF0E66
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6CF9C14_2_00A6CF9C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A69FF414_2_00A69FF4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00B17FDD14_2_00B17FDD
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AE0F3C14_2_00AE0F3C
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A0EF0814_2_00A0EF08
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00AFCF6514_2_00AFCF65
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A11F5014_2_00A11F50
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A06F5814_2_00A06F58
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014000116417_2_0000000140001164
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014005EFEC17_2_000000014005EFEC
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014001D02017_2_000000014001D020
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400638E417_2_00000001400638E4
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014001292417_2_0000000140012924
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014006016417_2_0000000140060164
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400021BC17_2_00000001400021BC
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014000C20C17_2_000000014000C20C
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_0000000140021C5817_2_0000000140021C58
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400614CC17_2_00000001400614CC
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400054E417_2_00000001400054E4
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014001565C17_2_000000014001565C
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_000000014006577C17_2_000000014006577C
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_0000000140061FDC17_2_0000000140061FDC
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFB99F02E1120_2_00007FFB99F02E11
                    Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\22v95X_1548.sys C37BF1ABC0662B4F18607E2D7B75F5C600E45EA5604DAFFA54674E2AEBDCE9F0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess token adjusted: Load DriverJump to behavior
                    Source: C:\Windows\System32\svchost.exeCode function: String function: 000002B5CE8984A8 appears 48 times
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: String function: 00A0B600 appears 69 times
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: String function: 0000000140011D54 appears 36 times
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
                    Source: 3f2350f5.exe.17.drStatic PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
                    Source: u75a1_003.exe, 00000000.00000000.872751316.0000000000686000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamexwizard.exej% vs u75a1_003.exe
                    Source: u75a1_003.exeBinary or memory string: OriginalFilenamexwizard.exej% vs u75a1_003.exe
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeDriver loaded: \Registry\Machine\System\CurrentControlSet\Services\1J0Hx_1548Jump to behavior
                    Source: u75a1_003.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.u75a1_003.exe.75bfc8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 3.2.svchost.exe.2b5ce870000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.u75a1_003.exe.75bfc8.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.u75a1_003.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: u75a1_003.exeStatic PE information: Section: ie2 ZLIB complexity 0.9925471427859706
                    Source: 3f2350f5.exe.17.drBinary string: \Device\Mup\\doh00%u
                    Source: 3f2350f5.exe.17.drBinary string: \DEVICE\HARDDISKDMVOLUMES\PHYSICALDMVOLUMES\BLOCKVOLUME\DEVICE\MUP\
                    Source: 3f2350f5.exe.17.drBinary string: \DEVICE\H
                    Source: 3f2350f5.exe.17.drBinary string: %s, %d: edi = 0x%lx, esi = 0x%lx, ebx = 0x%lx, edx = 0x%lx, ecx = 0x%lx, eax = 0x%lx, ebp = 0x%lx, eip = 0x%lx, esp = 0x%lxdlh00\DEVICE\HARDDISKVOLUME\DEVICE\HARDDISKDMVOLUMES\PHYSICALDMVOLUMES\BLOCKVOLUME\DEVICE\MUP\\??\UNC\SeDeleteClientSecurity
                    Source: 3f2350f5.exe.17.drBinary string: \DEVICE\HARDDISKVOLUME
                    Source: 3f2350f5.exe.17.drBinary string: b\Device\\DosDevices\a\FileSystem\Filters\IoCreateDriver
                    Source: 3f2350f5.exe.17.drBinary string: \DEVICE\~
                    Source: 3f2350f5.exe.17.drBinary string: m01\Device\\DosDevices\r01dr03
                    Source: 3f2350f5.exe.17.drBinary string: \Device\Mup\
                    Source: 22v95X_1548.sys.14.drBinary string: \Device\Udp6\Device\Udp\Device\Tcp6\Device\Tcp
                    Source: 3f2350f5.exe.17.drBinary string: \Device\
                    Source: 3f2350f5.exe.17.drBinary string: \DEVICE\
                    Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@23/23@2/6
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F5D7C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,RegOpenKeyA,wsprintfA,RegCreateKeyA,RegSetValueExA,RegSetValueExA,RegSetValueExA,wsprintfA,RegSetValueExA,MultiByteToWideChar,wsprintfW,NtLoadDriver,RegCloseKey,RegCloseKey,14_2_009F5D7C
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004043D0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,CloseHandle,0_2_004043D0
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0041DE90 CoInitialize,CoCreateInstance,CoUninitialize,0_2_0041DE90
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\u75a1_003.exeMutant created: \Sessions\1\BaseNamedObjects\{3FA0BA37-09C6-4551-AE7D-90F1279DF03F}
                    Source: C:\Users\user\Desktop\u75a1_003.exeMutant created: \Sessions\1\BaseNamedObjects\{332F5D59-2BCB-4D58-B258-019647CFE541}
                    Source: C:\Users\user\Desktop\u75a1_003.exeMutant created: \Sessions\1\BaseNamedObjects\{3309A6B4-2F09-4BC8-A971-5D5A3B1B34EE}
                    Source: C:\Users\user\Desktop\u75a1_003.exeMutant created: \Sessions\1\BaseNamedObjects\{BECD724E-BB45-47CB-82D8-31731BA1EB16}
                    Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\{213CD3BF-7EA5-4F3F-A371-F1D075B5EB25}
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1940:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:484:120:WilError_03
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user~1\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """
                    Source: C:\Windows\System32\svchost.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: u75a1_003.exeVirustotal: Detection: 39%
                    Source: u75a1_003.exeReversingLabs: Detection: 63%
                    Source: C:\Users\user\Desktop\u75a1_003.exeFile read: C:\Users\user\Desktop\u75a1_003.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\u75a1_003.exe "C:\Users\user\Desktop\u75a1_003.exe"
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:'
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Remove-MpPreference -ExclusionPath C:\
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'Jump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:'Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe "C:\Users\user~1\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Remove-MpPreference -ExclusionPath C:\Jump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: msi.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: dbgcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dlnashext.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wpdshext.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: u75a1_003.exeStatic file information: File size 1313792 > 1048576
                    Source: u75a1_003.exeStatic PE information: Raw size of ie2 is bigger than: 0x100000 < 0x139a00
                    Source: Binary string: C:\a\b\a_LWOJJGNK_\b\klsl\output\out_Win32\Release_Dat\klsl.pdbGCTL source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: \??\C:\Users\user~1\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*sNVD slot #32NVD slot #32 source: w32tm.exe, 00000011.00000002.2133785084.000000000051C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\a\b\a_J2WO8YVT_\b\klsl\output\out_x64\Release_Dat\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_9AF7IKT4_\b\klsl\output\out_Win32\Release_Sys\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Sys\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1824904400.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_UJHZC0YB_\b\klsl\output\out_x64\Release_Sys\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_LWOJJGNK_\b\klsl\output\out_Win32\Release_Dat\klsl.pdb source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_UJHZC0YB_\b\klsl\output\out_x64\Release_Sys\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\Users\user~1\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: w32tm.exe, 00000011.00000002.2133785084.000000000051C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\a\b\a_J2WO8YVT_\b\klsl\output\out_x64\Release_Dat\klsl.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Sys\klmd.pdb source: w32tm.exe, 00000011.00000003.1824904400.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Sys\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Dat\klmd.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Dat\klmd.pdbGCTL source: w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\a_9AF7IKT4_\b\klsl\output\out_Win32\Release_Sys\klsl.pdb source: 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Sys\klmd.pdb source: w32tm.exe, 00000011.00000003.1849186188.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000003.1844143458.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\c\g_4UV6QLON\r\product\removal_tools\output\out_Win32\Release\setup_kvrt.pdb source: w32tm.exe, 00000011.00000003.1809356710.00000000022E3000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_x64\Release_Dat\klmd.pdb source: w32tm.exe, 00000011.00000003.1847659716.00000000022DE000.00000004.00000020.00020000.00000000.sdmp, 3f2350f5.exe.17.dr
                    Source: Binary string: C:\a\b\d_00000000_\b\klmd\output\out_Win32\Release_Dat\klmd.pdbGCTL source: 3f2350f5.exe.17.dr
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040BC88 WaitForSingleObject,GetLocalTime,SystemTimeToFileTime,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,GetFileAttributesW,SHFileOperationW,Sleep,LocalFree,GetWindowsDirectoryW,CreateProcessW,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,LoadLibraryW,GetProcAddress,GetProcAddress,CloseHandle,CloseHandle,TerminateProcess,LocalFree,OpenEventW,SetEvent,CloseHandle,LocalFree,0_2_0040BC88
                    Source: initial sampleStatic PE information: section where entry point is pointing to: ie2
                    Source: u75a1_003.exeStatic PE information: section name: ie0
                    Source: u75a1_003.exeStatic PE information: section name: ie1
                    Source: u75a1_003.exeStatic PE information: section name: ie2
                    Source: 22v95X_1548.sys.14.drStatic PE information: section name: vs0
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004051C6 pushfd ; retn 0047h0_2_004051C7
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004075BB push ecx; retf 0000h0_2_004075BC
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040A6A2 push eax; ret 0_2_0040A6A3
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F2D40 push rcx; iretd 14_2_009F2D43
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A77E88 push rax; retn 00A7h14_2_00A77E89
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400136B7 push rsp; iretd 17_2_00000001400136B8
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeCode function: 17_2_00000001400136D2 push rsp; iretd 17_2_00000001400136D3
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FFB99D1D2A5 pushad ; iretd 18_2_00007FFB99D1D2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FFB99E3BC5D push E85B7DD5h; ret 18_2_00007FFB99E3BCF9
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FFB99F02316 push 8B485F95h; iretd 18_2_00007FFB99F0231B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFB99D1D2A5 pushad ; iretd 20_2_00007FFB99D1D2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFB99E319F2 pushad ; ret 20_2_00007FFB99E319F9
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFB99F02316 push 8B485F95h; iretd 20_2_00007FFB99F0231B
                    Source: u75a1_003.exeStatic PE information: section name: ie2 entropy: 7.988945558914526
                    Source: 22v95X_1548.sys.14.drStatic PE information: section name: .text entropy: 7.126561604240753

                    Persistence and Installation Behavior

                    barindex
                    Sample is not signed and drops a device driver
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeFile created: C:\Windows\Temp\22v95X_1548.sysJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeFile created: C:\Users\user\AppData\Local\Temp\{47f1c531-61ba-433c-9c5c-b16ee8702014}\3f2350f5.exeJump to dropped file
                    Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeJump to dropped file
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeFile created: C:\Windows\Temp\22v95X_1548.sysJump to dropped file
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeJump to dropped file
                    Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeJump to dropped file
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeFile created: C:\Windows\Temp\22v95X_1548.sysJump to dropped file

                    Boot Survival

                    barindex
                    Creates autostart registry keys with suspicious names
                    Source: C:\Windows\System32\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1J0Hx_1548Jump to behavior
                    Source: C:\Windows\System32\svchost.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}Jump to behavior
                    Source: C:\Windows\System32\svchost.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}Jump to behavior
                    Source: C:\Windows\System32\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}Jump to behavior
                    Source: C:\Windows\System32\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {57F06FF0-B2D5-45F3-BFEE-970F76E38EFD}Jump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Deletes itself after installation
                    Source: C:\Windows\System32\svchost.exeFile deleted: c:\users\user\desktop\u75a1_003.exeJump to behavior
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE888830 LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,LoadLibraryExW,GetProcAddressForCaller,GetProcAddress,LoadLibraryExW,GetProcAddress,GetProcAddress,3_2_000002B5CE888830
                    Source: C:\Users\user\Desktop\u75a1_003.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\{42F09F7D-CA44-409E-A936-E948CF4ECA66} {875376CD-1334-41AA-8A36-0C7105D31883}Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Query firmware table information (likely to detect VMs)
                    Source: C:\Users\user\Desktop\u75a1_003.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 5B1DC0
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 5BC9C7
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 59AE72
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 590FF6
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 552302
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 5CE7B2
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI/Special instruction interceptor: Address: 7FFC1B60E814
                    Tries to detect virtualization through RDTSC time measurements
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeRDTSC instruction interceptor: First address: 140423FA5 second address: 140423FA5 instructions: 0x00000000 rdtsc 0x00000002 dec edx 0x00000003 lea edx, dword ptr [edi+ebx] 0x00000006 dec eax 0x00000007 lea eax, dword ptr [edx+04h] 0x0000000a cmc 0x0000000b dec eax 0x0000000c cmp eax, ebx 0x0000000e jmp 00007F32410336B5h 0x00000013 jnc 00007F32410336FCh 0x00000019 inc ecx 0x0000001a mov eax, dword ptr [ebx] 0x0000001c cmc 0x0000001d inc ecx 0x0000001e xor eax, eax 0x00000020 inc ecx 0x00000021 cmp eax, dword ptr [ecx+1Ch] 0x00000024 jne 00007F32410336EBh 0x0000002a dec eax 0x0000002b cmp edx, ebx 0x0000002d jmp 00007F32410336B5h 0x00000032 jnc 00007F32410336E9h 0x00000038 inc ecx 0x00000039 mov eax, dword ptr [ebx] 0x0000003b inc ecx 0x0000003c xor eax, eax 0x0000003e inc ecx 0x0000003f cmp eax, dword ptr [ecx+28h] 0x00000042 jmp 00007F32410336B5h 0x00000047 jne 00007F32410336D4h 0x0000004d dec eax 0x0000004e lea eax, dword ptr [edx+03h] 0x00000051 dec eax 0x00000052 cmp eax, ebx 0x00000054 jmp 00007F32410336B5h 0x00000059 jnc 00007F324103370Bh 0x0000005f inc ecx 0x00000060 mov eax, dword ptr [ebx] 0x00000062 inc ecx 0x00000063 xor eax, eax 0x00000065 inc ecx 0x00000066 test dh, 0000001Fh 0x00000069 inc ecx 0x0000006a cmp bl, 0000002Ch 0x0000006d inc ecx 0x0000006e cmp eax, dword ptr [ecx+30h] 0x00000071 jmp 00007F32410336B5h 0x00000076 jne 00007F32410336EEh 0x0000007c dec ecx 0x0000007d inc edx 0x0000007f dec esp 0x00000080 cmp edx, ebx 0x00000082 jc 00007F324103359Fh 0x00000088 dec ebp 0x00000089 lea ebx, dword ptr [edx+ecx] 0x0000008c rdtsc
                    Tries to evade analysis by execution special instruction (VM detection)
                    Source: C:\Users\user\Desktop\u75a1_003.exeSpecial instruction interceptor: First address: 5CEA81 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeSpecial instruction interceptor: First address: 140424564 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeSpecial instruction interceptor: First address: 1402AC77B instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004F28F5 rdtsc 0_2_004F28F5
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DE00 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Process32NextW,CloseHandle,3_2_000002B5CE88DE00
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6298Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3520Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7159Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2458Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6436
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3180
                    Source: C:\Windows\System32\svchost.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_3-19866
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{47f1c531-61ba-433c-9c5c-b16ee8702014}\3f2350f5.exeJump to dropped file
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeDropped PE file which has not been started: C:\Windows\Temp\22v95X_1548.sysJump to dropped file
                    Source: C:\Users\user\Desktop\u75a1_003.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-11039
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI coverage: 6.2 %
                    Source: C:\Windows\System32\svchost.exeAPI coverage: 8.3 %
                    Source: C:\Windows\System32\svchost.exe TID: 6808Thread sleep count: 46 > 30Jump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 6808Thread sleep time: -138000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 6772Thread sleep time: -90000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1000Thread sleep count: 6298 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1000Thread sleep count: 3520 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5300Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 4556Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3620Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2740Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8797F0 SHGetKnownFolderPath,lstrlenW,CoTaskMemFree,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,Sleep,GetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,RemoveDirectoryW,Sleep,3_2_000002B5CE8797F0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A6F230 FindFirstFileA,HeapCreate,14_2_00A6F230
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A435CC FindFirstFileA,FindNextFileA,FindClose,14_2_00A435CC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A61C54 __doserrno,_errno,_errno,__doserrno,FindFirstFileA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,14_2_00A61C54
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_009F5BCC GetCurrentProcess,GetProcessAffinityMask,GetSystemInfo,14_2_009F5BCC
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: svchost.exe, 00000003.00000002.2135639648.000002B5CCE97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000003.00000002.2135639648.000002B5CCE97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWwbG`|M
                    Source: svchost.exe, 00000003.00000002.2137570059.000002B5D1006000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %1\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000007.00000002.2137542207.000002B374E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpLEz
                    Source: w32tm.exe, 00000011.00000003.1800538611.00000000022AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sletlvltfavihyazeumkafkafohimskkkyswuzttpagutateknmrsamnglkoksyrdivar-SAbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRen-USfi-FIfr-FRhe-ILhu-HUis-ISit-ITja-JPko-KRnl-NLnb-NOpl-PLpt-BRro-ROru-RUhr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKid-IDuk-UAbe-BYsl-SIet-EElv-LVlt-LTfa-IRvi-VNhy-AMaz-AZ-Latneu-ESmk-MKtn-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOhi-INmt-MTse-NOms-MYkk-KZky-KGsw-KEuz-UZ-Latntt-RUbn-INpa-INgu-INta-INte-INkn-INml-INmr-INsa-INmn-MNcy-GBgl-ESkok-INsyr-SYdiv-MVquz-BOns-ZAmi-NZar-IQzh-CNde-CHen-GBes-MXfr-BEit-CHnl-BEnn-NOpt-PTsr-SP-Latnsv-FIaz-AZ-Cyrlse-SEms-BNuz-UZ-Cyrlquz-ECar-EGzh-HKde-ATen-AUes-ESfr-CAsr-SP-Cyrlse-FIquz-PEar-LYzh-SGde-LUen-CAes-GTfr-CHhr-BAsmj-NOar-DZzh-MOde-LIen-NZes-CRfr-LUbs-BA-Latnsmj-SEar-MAen-IEes-PAfr-MCsr-BA-Latnsma-NOar-TNen-ZAes-DOsr-BA-Cyrlsma-SEar-OMen-JMes-VEsms-FIar-YEen-CBes-COsmn-FIar-SYen-BZes-PEar-JOen-TTes-ARar-LBen-ZWes-ECar-KWen-PHes-CLar-AEes-UYar-BHes-PYar-QAes-BOes-SVes-HNes-NIes-PRzh-CHTsraf-zaar-aear-bhar-dzar-egar-iqar-joar-kwar-lbar-lyar-maar-omar-qaar-saar-syar-tnar-yeaz-az-cyrlaz-az-latnbe-bybg-bgbn-inbs-ba-latnca-escs-czcy-gbda-dkde-atde-chde-dede-lide-ludiv-mvel-gren-auen-bzen-caen-cben-gben-ieen-jmen-nzen-phen-tten-usen-zaen-zwes-ares-boes-cles-coes-cres-does-eces-eses-gtes-hnes-mxes-nies-paes-pees-pres-pyes-sves-uyes-veet-eeeu-esfa-irfi-fifo-fofr-befr-cafr-chfr-frfr-lufr-mcgl-esgu-inhe-ilhi-inhr-bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inkok-inko-krky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-bnms-mymt-mtnb-nonl-benl-nlnn-nons-zapa-inpl-plpt-brpt-ptquz-boquz-ecquz-pero-roru-rusa-inse-fise-nose-sesk-sksl-sisma-nosma-sesmj-nosmj-sesmn-fisms-fisq-alsr-ba-cyrlsr-ba-latnsr-sp-cyrlsr-sp-latnsv-fisv-sesw-kesyr-syta-inte-inth-thtn-zatr-trtt-ruuk-uaur-pkuz-uz-cyrluz-uz-latnvi-vnxh-zazh-chszh-chtzh-cnzh-hkzh-mozh-sgzh-twzu-zaManufacturerProductROOT\CIMV2SELECT Manufacturer, Product FROM Win32_BaseBoardMicrosoft CorporationVirtual MachineVBoxMiniRdrDNVirtual PCVMwareVirtual BoxHyper-VUndefined>....SystemException\ntdll.dllZwQuerySystemInformationkernel32\System32\\SysWOW64\TimeSystemErrorc:\a\c\g_4uv6qlon\r\product\removal_tools\kvrt\.delivery\pdk_instrumental.zip_60771a5c\include\component\eka\system\datetime\windows\datetime.hCannot convert system time to file time: Cannot convert a file time to system time format: GetTimeZoneInformationForYearCannot get timezone informationRtlGetVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionUBRGetNativeSystemInfoNT 3.51NT 4.02000XP20032003 R2Vista2008720112008 R2820128.12012 R21020162019WorkstationHome EditionEmbeddedMedia Center EditionStarter EditionTablet PC EditionProfessionalHomeServerEnterprise EditionDatacenter ServerAdvanced ServerWeb ServerStandard ServerHome ServerStorage ServerServer Enterprise EditionServer Datacenter EditionServer Web EditionServer Compute Cluster EditionSmall Business ServerServer Standard EditionDomain Controller. GetComputerNameExWMicrosoftWindowsUnsupportedx86x64ia64Service Pack sysinfo: :/Current local date / time: SystemInfo:Can't get
                    Source: svchost.exe, 00000003.00000002.2135468079.000002B5CCE8A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2142222653.000002B37A452000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: svchost.exe, 00000003.00000002.2134543164.000002B5CCE33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                    Source: u75a1_003.exe, 00000000.00000002.880146615.00000000006FE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000011.00000002.2133785084.000000000051C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: tzutil.exe, 0000000E.00000002.1882334787.0000000000573000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll||
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11053
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11044
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-10958
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11062
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11050
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11038
                    Source: C:\Users\user\Desktop\u75a1_003.exeAPI call chain: ExitProcess graph end nodegraph_0-11041
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-19784
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeAPI call chain: ExitProcess graph end nodegraph_14-53970
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeAPI call chain: ExitProcess graph end nodegraph_14-53574
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004F28F5 rdtsc 0_2_004F28F5
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89A818 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_000002B5CE89A818
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE88DE00 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Process32NextW,CloseHandle,3_2_000002B5CE88DE00
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040BC88 WaitForSingleObject,GetLocalTime,SystemTimeToFileTime,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,wnsprintfW,RegDeleteKeyExW,GetFileAttributesW,SHFileOperationW,Sleep,LocalFree,GetWindowsDirectoryW,CreateProcessW,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,LoadLibraryW,GetProcAddress,GetProcAddress,CloseHandle,CloseHandle,TerminateProcess,LocalFree,OpenEventW,SetEvent,CloseHandle,LocalFree,0_2_0040BC88
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A69204 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,14_2_00A69204
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89A818 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_000002B5CE89A818
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8A0E94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000002B5CE8A0E94
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89E5B8 SetUnhandledExceptionFilter,3_2_000002B5CE89E5B8
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89C5E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000002B5CE89C5E0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5C280 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00A5C280
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5C540 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00A5C540
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A59924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00A59924
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A59B18 SetUnhandledExceptionFilter,14_2_00A59B18

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Benign windows process drops PE files
                    Source: C:\Windows\System32\svchost.exeFile created: tzutil.exe.3.drJump to dropped file
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:'
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'Jump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:'Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\Jump to behavior
                    Contains functionality to inject code into remote processes
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_00406DB1 GetCurrentProcess,CreateProcessW,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,CloseHandle,CloseHandle,0_2_00406DB1
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x140415069Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x140269461Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x140309573Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x1400026B1Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtQuerySystemInformation: Direct from: 0x14026042BJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtProtectVirtualMemory: Direct from: 0x140248445Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtProtectVirtualMemory: Direct from: 0x140179770Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x14030E01BJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtProtectVirtualMemory: Direct from: 0x14025B23FJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtProtectVirtualMemory: Direct from: 0x140225E38Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtQuerySystemInformation: Direct from: 0x14030CB3FJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtQuerySystemInformation: Direct from: 0x140225E44Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtQuerySystemInformation: Direct from: 0x140232AC0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtQuerySystemInformation: Direct from: 0x140166C45Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtQuerySystemInformation: Direct from: 0x1402A1C00Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x14030502DJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtQuerySystemInformation: Direct from: 0x140401E6FJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtQuerySystemInformation: Direct from: 0x14041915EJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtQuerySystemInformation: Direct from: 0x140168DD1Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x1404224DEJump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x140273181Jump to behavior
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeNtProtectVirtualMemory: Direct from: 0x140421DC0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exeNtProtectVirtualMemory: Direct from: 0x14029D239Jump to behavior
                    Maps a DLL or memory area into another process
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: read writeJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: read writeJump to behavior
                    Searches for specific processes (likely to inject)
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004043D0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,CloseHandle,0_2_004043D0
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004044A0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,CloseHandle,0_2_004044A0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8742E0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,CloseHandle,3_2_000002B5CE8742E0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE8743D0 CreateToolhelp32Snapshot,Process32FirstW,StrCmpIW,CloseHandle,Process32NextW,CloseHandle,3_2_000002B5CE8743D0
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE87A3B0 setsockopt,SetEvent,LocalAlloc,wnsprintfW,LocalAlloc,lstrcpyW,LocalAlloc,lstrcpyW,CoInitializeEx,ShellExecuteExW,GetLastError,CoUninitialize,LocalAlloc,wnsprintfW,CreateProcessW,OpenEventW,SetEvent,CloseHandle,LocalFree,LocalFree,OpenEventW,SetEvent,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,shutdown,closesocket,3_2_000002B5CE87A3B0
                    Source: C:\Users\user\Desktop\u75a1_003.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:'Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """Jump to behavior
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040CF36 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,LocalFree,0_2_0040CF36
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0041D480 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_0041D480
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_004FED93 cpuid 0_2_004FED93
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: ___crtGetLocaleInfoEx,WSACreateEvent,___crtGetLocaleInfoEx,WSAGetLastError,WSAEventSelect,WSAWaitForMultipleEvents,WSAEnumNetworkEvents,0_2_00421DA0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: GetLocaleInfoA,14_2_00A5E5E8
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Users\user\Desktop\u75a1_003.exeCode function: 0_2_0040804B GetSystemTime,SystemTimeToFileTime,0_2_0040804B
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE895AD0 LocalAlloc,LoadLibraryW,LocalFree,GetProcAddress,LocalFree,RtlGetVersion,LocalFree,GetUserGeoID,gethostname,gethostbyname,GetComputerNameExW,GetUserNameW,GetTickCount64,LocalFree,3_2_000002B5CE895AD0
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A5D80C _lock,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,14_2_00A5D80C
                    Source: C:\Windows\System32\svchost.exeCode function: 3_2_000002B5CE89F6DC HeapCreate,GetVersion,HeapSetInformation,3_2_000002B5CE89F6DC
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected DarkVision Rat
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.75bfc8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.svchost.exe.2b5ce870000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.880146615.000000000075B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2136522765.000002B5CE8A8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.879776216.0000000000434000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: u75a1_003.exe PID: 6236, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6508, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected DarkVision Rat
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.75bfc8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.svchost.exe.2b5ce870000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.u75a1_003.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.880146615.000000000075B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2136522765.000002B5CE8A8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.879776216.0000000000434000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: u75a1_003.exe PID: 6236, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6508, type: MEMORYSTR
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A192C4 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,__swprintf_l,send,recv,closesocket,closesocket,closesocket,closesocket,14_2_00A192C4
                    Source: C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exeCode function: 14_2_00A08C10 htons,bind,htons,htons,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,14_2_00A08C10

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		Valid Accounts2
                    Native API                    		1
                    Scripting                    		1
                    Exploitation for Privilege Escalation                    		1
                    Disable or Modify Tools                    		11
                    Input Capture                    		2
                    System Time Discovery                    		Remote Services11
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Exploitation for Client Execution                    		2
                    LSASS Driver                    		1
                    Abuse Elevation Control Mechanism                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory1
                    Account Discovery                    		Remote Desktop Protocol11
                    Input Capture                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    DLL Side-Loading                    		2
                    LSASS Driver                    		1
                    Abuse Elevation Control Mechanism                    		Security Account Manager2
                    File and Directory Discovery                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCron2
                    Windows Service                    		1
                    DLL Side-Loading                    		3
                    Obfuscated Files or Information                    		NTDS345
                    System Information Discovery                    		Distributed Component Object ModelInput Capture123
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchd11
                    Registry Run Keys / Startup Folder                    		1
                    Access Token Manipulation                    		2
                    Software Packing                    		LSA Secrets551
                    Security Software Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts2
                    Windows Service                    		1
                    DLL Side-Loading                    		Cached Domain Credentials131
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items311
                    Process Injection                    		11
                    File Deletion                    		DCSync12
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job11
                    Registry Run Keys / Startup Folder                    		2
                    Masquerading                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Modify Registry                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron131
                    Virtualization/Sandbox Evasion                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                    Access Token Manipulation                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task311
                    Process Injection                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1651741 Sample: u75a1_003.exe Startdate: 29/03/2025 Architecture: WINDOWS Score: 100 61 grabify.link 2->61 63 edge.geo.kaspersky.com 2->63 65 devbuilds.s.kaspersky-labs.com 2->65 83 Suricata IDS alerts for network traffic 2->83 85 Found malware configuration 2->85 87 Malicious sample detected (through community Yara rule) 2->87 89 11 other signatures 2->89 10 u75a1_003.exe 3 1 2->10         started        13 svchost.exe 1 1 2->13         started        signatures3 process4 dnsIp5 107 Query firmware table information (likely to detect VMs) 10->107 109 Contains functionality to inject code into remote processes 10->109 111 Adds a directory exclusion to Windows Defender 10->111 113 4 other signatures 10->113 16 svchost.exe 3 7 10->16         started        21 cmd.exe 1 10->21         started        71 127.0.0.1 unknown unknown 13->71 signatures6 process7 dnsIp8 55 82.29.67.160, 443, 49682, 49683 NTLGB United Kingdom 16->55 57 grabify.link 104.26.8.202, 443, 49695, 49698 CLOUDFLARENETUS United States 16->57 59 107.174.192.179, 49681, 80 AS-COLOCROSSINGUS United States 16->59 47 C:\Users\user\AppData\Local\...\w32tm.exe, Unknown 16->47 dropped 49 C:\ProgramData\...\tzutil.exe, Unknown 16->49 dropped 73 Benign windows process drops PE files 16->73 75 Creates autostart registry keys with suspicious names 16->75 77 Deletes itself after installation 16->77 79 Searches for specific processes (likely to inject) 16->79 23 tzutil.exe 7 4 16->23         started        28 w32tm.exe 2 16->28         started        30 cmd.exe 1 16->30         started        81 Adds a directory exclusion to Windows Defender 21->81 32 powershell.exe 23 21->32         started        34 conhost.exe 21->34         started        file9 signatures10 process11 dnsIp12 67 104.168.28.10, 49724, 49728, 49731 AS-COLOCROSSINGUS United States 23->67 51 C:\Windows\Temp\22v95X_1548.sys, PE32+ 23->51 dropped 93 Query firmware table information (likely to detect VMs) 23->93 95 Adds a directory exclusion to Windows Defender 23->95 97 Sample is not signed and drops a device driver 23->97 99 Tries to detect virtualization through RDTSC time measurements 23->99 36 powershell.exe 23 23->36         started        39 powershell.exe 23->39         started        69 edge.geo.kaspersky.com 4.28.136.57, 443, 49755, 49786 LEVEL3US United States 28->69 53 C:\Users\user\AppData\Local\...\3f2350f5.exe, PE32 28->53 dropped 101 Tries to evade analysis by execution special instruction (VM detection) 28->101 103 Found direct / indirect Syscall (likely to bypass EDR) 28->103 41 conhost.exe 30->41         started        105 Loading BitLocker PowerShell Module 32->105 file13 signatures14 process15 signatures16 91 Loading BitLocker PowerShell Module 36->91 43 conhost.exe 36->43         started        45 conhost.exe 39->45         started        process17

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.